
Hotel guests locked out after ransomware hits Austrian 4-star hotel


The electronic key system of the Romantik Seehotel Jaegerwirt in the Austrian Alps was compromised by hackers, forcing managers to pay a bitcoin ransom in order to recover it.

The 4-star hotel's systems were frozen by hackers last week, which resulted in the complete shutdown of its computers. The 180 guests in the Austrian village of Turracherhohe pass found themselves unable to open their hotel room doors, and in the end the hotel paid about $1,800 (two bitcoins).

In a series of emails, the hotel said on Tuesday (January 31) that the infection also resulted in new guests being temporarily unable to get keys to their rooms. The new arrivals were treated to champagne while they waited.

The hotel was also targeted in November by ransomware that forced the hotel to pay €1,500 ($1,603) in bitcoin in order to take back control of its key system.

After being repeatedly targeted by hackers, the hotel has decided to ditch its electronic room cards for old-fashioned locks and keys.

The restoration of the systems after the first attack cost several thousand euros, and the hotel has not received any money from its insurance so far because none of those to blame could be found.

One of the most astonishing parts of the Austrian saga is that there was apparently no physical fail-safe mechanism, despite the fact that electronic key cards, as every hotel guest well knows, malfunction all the time.

This is a good demonstration of why electronic systems need physical backups.

These sorts of attacks remind us of the extent to which our physical surroundings are increasingly controlled by computers. A door you can’t open is, in some ways, scarier than a digital file you can’t access.

Indians behind the supply of cyber weapons to the Islamic Republic of Mauritania

After Edward Snowden's leaks about the National Security Agency (NSA), every country became keen on spying. An Indian coder, Manish Kumar, promised the President of Mauritania to help build a mini-NSA-like electronic spying apparatus.

Kumar, who owns a spying company called Wolf Intelligence, met Ahmed Bah dit Hmeida, an official with the innocuous-sounding title of counselor to the president, and made a deal to develop sophisticated surveillance technology. The total contract was worth $2.5 million, and Mauritania transferred half a million dollars into a BVI account of Wolf Intelligence (Manish Kumar) as a down payment.

Mauritania is one of the few countries in the world where slavery still exists, and it is known for spying on journalists, activists, and political opponents. Since 1960, it has seen 10 coups.



Mauritania expected Wolf to develop software that would allow it to attack and spy on multiple targets at a time over a large network, mainly including a nationwide mobile phone provider. Wolf's promotional literature promised a silent SMS attack technique that allows full control of someone's smartphone without requiring the target to click on a link or otherwise interact. Mauritania's targets are mainly individuals accused of terrorism, but occasionally they are journalists or protesters, too.

For this, Wolf needed a special team of coders capable of circumventing the security measures on Apple smartphones. Kumar knew that hackers in Israel had developed such a capability. However, it cost $1 million, which was only affordable once Mauritania delivered its next payment.

Bah had warned Kumar that if Wolf's system wasn't fully functional by the end of the visit, neither Kumar nor the technician he had brought with him would be leaving the country. Uncertain of his intentions, Kumar joked that he would need a vegetarian meal in jail.

“One small mistake and everything’s gone—money, life, everything”

Kumar tried his best to explain that he didn't have the silent SMS exploit yet, but Bah didn't believe him. After this, Bah prevented Kumar and his colleague Nafees Ahmed from leaving Mauritania, but Kumar managed to fly to Europe.

According to Kumar, Mauritania agreed to pay the remaining balance of $2 million if he would send someone to the country until the software was operational.

An Israeli acquaintance helped Kumar by putting him in touch with a Tel Aviv-based exploit broker named David "Dudi" Sternberg, who said he could provide what Kumar needed.

The deal did not go through, and Kumar could not deliver the exploit. He had Nafees Ahmed leave the country by saying that he was sick, and replaced him with an Italian bodyguard called Cristian Provvisionato, fooling the officials into believing that he was part of the company. But Provvisionato had only been hired to come to the country as a bodyguard and was never told what he was getting himself into. Finally Kumar escaped the country, leaving Provvisionato behind. Officials arrested Provvisionato and charged him with cheating the government; he has been in jail for the last 14 months, whereas Kumar and Ahmed roam free. They have completely abandoned him.

Key points:

- The sale of cyber weapons is banned. The Islamic Republic of Mauritania has a poor human rights record and slavery still exists there. These tools will be misused.
- Wolf Intelligence is registered in Germany (Munich), and its CEO is a Swiss national named Martin Wyss. The German and Swiss governments should examine whether their soil is being used for selling cyber surveillance/weapon technology to the Islamic Republic of Mauritania.
- The Wassenaar Arrangement (followed by the US) restricts the sale of surveillance/monitoring technology to such countries.
- India should investigate because both Nafees Ahmed and Manish Kumar are Indian citizens and received 9.75 crore into a BVI shell company. They hold Indian passports (with German visas and German-registered companies). They can be investigated by the Income Tax department/DRI/CBI for money laundering and moving money to tax havens in exchange for selling a cyber weapon.
- The silent SMS exploit Kumar was offering to sell to the Islamic Republic of Mauritania comes from an Israeli exploit broker. It is interesting to observe that Mauritania has severed all diplomatic ties with Israel.
- The imprisonment of the Italian national Cristian Provvisionato due to the actions of Kumar should be investigated.

Original article from: https://www.bloomberg.com/news/features/2017-01-18/the-post-snowden-cyber-arms-hustle

TREASON CHARGES PRESSED AGAINST RUSSIAN CYBERSECURITY EXPERT

A manager at Russia's biggest cybersecurity firm, Kaspersky, who was in charge of investigating hacking attacks has been arrested, the company has said.

Kaspersky Labs on Wednesday confirmed reports in Russia's respected Kommersant newspaper that Ruslan Stoyanov, head of its computer incidents investigations unit, was arrested in December. Kommersant said Stoyanov was detained along with a senior Russian FSB intelligence officer on charges of treason.

Kaspersky's spokeswoman, Maria Shirokova, released a statement that Stoyanov's arrest "has no association with Kaspersky Labs and its operations". She said the company has no information about the charges Stoyanov faced, but added that the investigation dated back to before Stoyanov was hired by Kaspersky.

According to his LinkedIn page, Stoyanov’s previous jobs include a position at the cybercrime unit at the Russian interior ministry in the early 2000s.

US intelligence agencies have accused Russia of meddling in the presidential election through hacking to help Donald Trump win – claims that Russia has rejected. US and EU officials have also accused Russia of hacking other western institutions and voiced concern that Russia may try to alter this year’s election results in Germany, France and the Netherlands. It was not immediately clear if the arrests were linked to these allegations.

The FSB’s press office was not immediately available for comment. Kremlin spokesman Dmitry Peskov also declined to comment.

Andrei Soldatov, who has studied the internet and Russian security services for more than a decade, said the arrest of the Kaspersky manager was unprecedented.

“It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky,” he told the Associated Press. “Intelligence agencies used to ask for Kaspersky’s advice, and this is how informal ties were built. This romance is clearly over.”

DELHI HACKERS ARRESTED FOR DUPING ONLINE VOUCHERS WORTH 92 LAKHS

Four young hackers have been arrested for allegedly digitally shoplifting vouchers worth Rs 92 lakh by tampering with the data of e-commerce websites at the payment gateway stage. Two of them are BTech dropouts, one is pursuing engineering and the other holds a BCA from Delhi University, police said.

Calling it the first such case reported from the national capital, DCP (south) Ishwar Singh said the hackers used the stolen vouchers at popular e-commerce sites such as MakeMyTrip, Flipkart, Amazon, Dominos Pizza, Myntra and Shoppers Stop, among others.

To avoid being tracked, the accused never stayed in one place for more than two days, putting up at five-star hotels, taking expensive flights and spending incessantly on their girlfriends. They would show off their lavish lifestyle and offer expensive laptops and mobile phones dirt cheap to their friends on social media.

To come across as well-off, the four would hire cars like Mercedes and BMW while travelling with their girlfriends, said the DCP on Wednesday. The three arrested 18-year-olds, led by the alleged mastermind Sunny Nehra, had allegedly undergone extensive training in hacking and had tied up with professional hackers in India, the Netherlands and Indonesia to learn the tricks of the trade. Nehra, a BTech dropout, had acquired additional expertise in looking for vulnerabilities in online payment sites. A few months ago, one of his hacker friends informed him that PayU, a payment gateway, had a vulnerability that could be tested for "data tampering", said the DCP.

Explaining the modus operandi, Singh said Nehra and his friends would first opt to purchase an e-voucher from the website. Using credit or debit cards obtained on fake documents, the hackers would enter the card details and make the payment through the PayU payment gateway.

Once the payment is being processed, the user is generally led to a page that asks them not to 'refresh', 'cancel' or 'go back' until the payment is through.

It was at this particular point that the hackers would press the cancel button to "freeze" the page. Using their hacking skills, they would change certain values before proceeding with the payment again.
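As an added example (not the police account's or PayU's code; the order store, field names, salt and hash layout are assumptions), this is the server-side check a merchant can apply to a gateway callback so that values altered in the browser mid-payment do not release a voucher: the callback's integrity hash is recomputed, each order is settled at most once, and the amount the gateway confirms is compared with the merchant's own record of the order.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed demo. The salt, field names and hash layout are assumptions for
# illustration, not PayU's real integration; the checks themselves are the point.
MERCHANT_SALT = b"constructed-demo-salt"  # assumed to be shared with the gateway out of band


def fresh_orders():
    """Merchant-side record of what each order is supposed to cost (constructed)."""
    return {"ORD-1001": {"amount": Decimal("5000.00"), "status": "pending"}}


def gateway_hash(txnid, amount, status):
    """Integrity value the gateway is assumed to compute over the fields it reports."""
    msg = "|".join([txnid, amount, status]).encode()
    return hmac.new(MERCHANT_SALT, msg, hashlib.sha256).hexdigest()


def verify_callback(orders, cb):
    """Decide server-side whether a payment callback may release the voucher.

    Returns (accepted, reason). Nothing the browser submitted is trusted: the
    order is looked up in the merchant's own store, the integrity hash is
    recomputed, and the confirmed amount must equal the stored amount.
    """
    txnid = cb.get("txnid", "")
    order = orders.get(txnid)
    if order is None:
        return False, "unknown order"
    if order["status"] != "pending":
        return False, "order already settled"          # replayed callback
    expected = gateway_hash(txnid, cb.get("amount", ""), cb.get("status", ""))
    if not hmac.compare_digest(expected, cb.get("hash", "")):
        return False, "integrity check failed"         # fields edited after signing
    if cb.get("status") != "success":
        return False, "payment not successful"
    try:
        paid = Decimal(cb.get("amount", ""))
    except InvalidOperation:
        return False, "malformed amount"
    if paid != order["amount"]:
        return False, "amount mismatch: gateway confirmed %s, order is %s" % (paid, order["amount"])
    order["status"] = "paid"
    return True, "ok"


def demo():
    # Legitimate callback: the gateway confirms the full amount.
    orders = fresh_orders()
    good = {"txnid": "ORD-1001", "amount": "5000.00", "status": "success",
            "hash": gateway_hash("ORD-1001", "5000.00", "success")}
    legit = verify_callback(orders, good)
    # The same callback submitted a second time is refused.
    replay = verify_callback(orders, good)
    # Amount edited in the browser after the gateway computed the hash.
    orders = fresh_orders()
    tampered = verify_callback(orders, dict(good, amount="1.00"))
    # Amount altered before the gateway processed it, so the gateway honestly confirms
    # a 1.00 payment: only the comparison with the merchant's own record catches this.
    orders = fresh_orders()
    underpaid = {"txnid": "ORD-1001", "amount": "1.00", "status": "success",
                 "hash": gateway_hash("ORD-1001", "1.00", "success")}
    mismatch = verify_callback(orders, underpaid)
    return {"legit": legit, "replay": replay, "tampered": tampered, "mismatch": mismatch}
```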

VULNERABILITY RESEARCHER EARNS 32k AS REWARDS

For the second time in less than a year, researcher Mariusz Mlynski has been rewarded more than $30,000 through Google's Chrome Rewards program.

Google on Wednesday released Chrome 56.0.02924.76 for Windows, Mac and Linux platforms, and Mlynski was acknowledged with finding and disclosing four high-severity vulnerabilities that were patched. The vulnerabilities earned Mlynski $32,337; last May, he pocketed $45,000 after finding a number of high-severity issues that were patched in the browser.

Mlynski has been an active browser vulnerability researcher, in particular at the annual Pwn2Own contest. In 2015, he used a cross-origin bug in Firefox to gain Windows admin privileges on a machine, earning himself $55,000; in 2014 he won another $50,000 by chaining together two Firefox flaws to gain privilege escalation on a Windows machine.

The latest version of Chrome includes patches for 51 vulnerabilities, seven of which were rated high severity and qualified for rewards. Google patched 14 high-severity bugs in total, with the remainder discovered internally.

Google is also expected to begin deprecating SHA-1 in this version of Chrome. In line with the other browser makers, Google said in November that it would remove support for SHA-1 certificates starting with Chrome 56; Microsoft and Mozilla have announced similar deprecation schedules through the next month.

SHA-1 has long been considered a weakened hashing algorithm that is susceptible to collision attacks. Experts are urging site owners and application developers to migrate to SHA-2 or other modern algorithms, but success on that front has been mixed.

KEYCARD SYSTEM: A NEW TARGET FOR RANSOMWARE

Recently, hundreds of guests of a luxury hotel in Austria were locked out of their rooms when ransomware hit the hotel's IT system, and the hotel had no choice left except to pay the attackers.

The Romantik Seehotel Jägerwirt, a 4-Star Superior hotel, confirmed that it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who managed to break into its network and hack its key card system, preventing guests from entering or leaving their rooms.

Besides gaining control of the electronic key system, the hackers also took control of the general computer system, shutting down all hotel computers, apparently just for the fun of it. Once the hotel made the payment, the system was completely restored, allowing hotel staff to access the network and guests to enter and exit their rooms.

Fortunately, the hotel's IT department has since improved its security standards and separated the critical networks to thwart such attacks, giving attackers no further chance to harm the hotel.

"The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance helps you in this case. The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found. Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly."

Ransomware has cost many businesses and organizations sleepless nights, as they are often left to fight this nasty threat on their own.

Austria's top hotel keycard system hacked

Recently one of Europe's top hotels had to pay thousands in Bitcoin as ransom to cyber criminals in order to free hundreds of guests who were unable to enter their hotel rooms because hackers had compromised its electronic key system.

Hotel managers at the Romantik Seehotel Jaegerwirt, a luxurious 4-star hotel in a beautiful lakeside setting on the Alpine Turracher Hoehe Pass in Austria, were furious about the incident and decided to speak about it in public to warn others of the dangers of cybercrime. They want serious steps taken to curb such activity in future. The hotel has a modern IT system, including key cards for hotel doors, like any other modern hotel in the industry.

Hotel staff confirmed that the hotel's security system has been compromised three times, with the cyber criminals breaking through its security each time. The hackers would take down the entire key system, so hotel guests were unable to get into their rooms and new cards could not be programmed.

The latest attack, which happened on the opening weekend of the winter season, was so extensive that it shut down all hotel computers, including the cash desk system and the reservation system.

The hackers demanded a ransom of 1,500 EUR (1,272 GBP) in Bitcoin and promised to restore the system quickly if the money was paid.

"The house was totally booked with 180 guests, we had no other choice. Neither police nor insurance helps you in this case," Managing Director Christoph Brandstaetter said.

"The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found." The manager said it was cheaper and faster for the hotel to just pay the Bitcoin.

Brandstaetter said: "Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly."

After the hackers received the money, they unlocked the key registry system and all other computers, and all systems ran normally again. But according to hotel staff, the hackers had left a back door in the system and tried to attack it again.

After the third attack, the hotel replaced the computers, integrated the latest security system into all systems, and decoupled the previously vulnerable networks.

The Seehotel Jaegerwirt has existed for 111 years, and its management has decided to go traditional to keep hackers from any kind of manipulation, as Brandstaetter said: "We are planning at the next room refurbishment for old-fashioned door locks with real keys. Just like 111 years ago at the time of our great-grandfathers." Demanding ransom in cryptocurrency is becoming increasingly commonplace, as tracing payments is much harder due to the way the cryptocurrency works.

LABOUR MINISTRY HIT BY CYBER ATTACKS IN KSA

Saudi Arabia on Monday warned organizations to be on the alert for cyber attacks that include a version of the extremely destructive Shamoon virus, as a chemicals firm reported disruption in its network and the Ministry of Labor and Social Development said it had been attacked.

An alert from the telecoms authority advised all parties to be vigilant for attacks from the Shamoon 2 variant of the virus, which in 2012 damaged tens of thousands of computers at the oil giant Saudi Aramco.

The labor ministry, meanwhile, stated that it had been hit by a cyber attack but that its data was still intact. It said that the Human Resource Development Fund (Hadaf) had also been hit, while the impact remained minimal.

Sadara Chemical Co, a joint venture owned by Saudi Aramco and the U.S. company Dow Chemical and based in Jubail, said it had also experienced a network disruption on Monday morning and was working continuously to resolve the issue.

The company made the disclosure on its official Twitter account after the warning by Al Ekhbariya TV, which cited the telecoms authority.

It did not explain whether the disruption was due to a cyber attack but said as a precaution, it had stopped all services related to the network. Other companies in Jubail, the hub of the Saudi petrochemicals industry, also experienced network disruptions, according to sources.

CHARGER SEEKS HEAVY RANSOM FROM ANDROID USERS

A new ransomware in Google Play, dubbed Charger, has been discovered by Check Point's mobile security researchers.

Charger was found embedded in an app called EnergyRescue, which steals contacts and SMS messages from the user's device and asks for admin permissions. When these are granted, the ransomware locks the device and displays a message demanding payment. Researchers detected and quarantined the Android device of an unsuspecting customer's employee who had unknowingly downloaded and installed the ransomware. The early detection helped them quickly inform Android's security team about the findings, which added the malware to Android's built-in protection mechanisms before it began to spread, ensuring only a limited number of devices were infected.

Charger mobile ransomware uses a different approach.

Unlike most malware found on Google Play, which contains a dropper that later downloads the real malicious components to the device, Charger uses a heavy packing approach. This makes it harder for the malware to stay hidden. Charger's developers compensated for this with a variety of techniques to boost its evasion capabilities so it could stay on Google Play unnoticed for as long as possible.

These included:
• Encoding strings into binary arrays, making it easier to stay incognito.
• Loading code from encrypted resources dynamically, which most detection engines cannot penetrate and inspect. The dynamically-loaded code is also flooded with meaningless commands that mask the actual commands passing through.
• Checking whether it is being run in an emulator before starting its malicious activity. PC malware first introduced this technique, which is becoming a trend in mobile malware, having been adopted by several malware families including Dendroid.

The ransom demanded is 0.2 Bitcoin, or roughly $180, much more than has been seen in earlier mobile ransomware attacks. By comparison, the DataLust ransomware demanded merely $15; this could be an indicator of a wider effort by mobile malware developers to catch up with their PC ransomware cousins.

Similar to other malware seen in the past, Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus. This is likely done to keep the developers from being prosecuted in their own countries or being extradited between countries.

Facebook releases new security feature

Facebook has added a new security feature that will make it tougher for hackers to compromise accounts.

Facebook users can now register a security key to authenticate their identity during the login process. Once login is tied to the security key, hackers will not be able to access the account even if they know the user's login and password details.

The new security system is based on two layers of authentication, with an extra optional layer of security that helps verify identity during the login process.

Under this protocol, the user enters their username and password during login and the website returns a verification code, which the user enters so that the website can check whether it is the account's proper owner or someone else with a stolen password.

While this extra key adds a layer of protection, the method has its own drawback: a hacker can reset the SIM for the user's phone and intercept SMS messages, as some hackers did to DeRay McKesson last summer.

Security keys solve this problem by removing the need to transmit the verification code to the user. Keys like those manufactured by Yubico fit into a USB port and generate a one-time code at the tap of a finger; unlike SMS, these codes cannot be accessed without physical access, and security key authentication is faster this way. While SMS depends heavily on phone connectivity, this type of security is faster and does not require cell service.

Brad Hill, a security engineer at Facebook, says it was easy for the company to roll out the feature because Facebook already used security keys for its in-house engineering staff to log in to its systems, so it was just a matter of extending the feature to Facebook users.
“We don’t consider two-factor a mandatory thing,” Hill explains. “We see account security as our responsibility regardless of technologies you choose to use. For people who want to stay in control, this would be a good choice for someone who wants to stay ahead of even the most advanced attacks.”
Unfortunately, there’s not a great way to integrate security keys with most mobile devices yet. When logging into their Facebook accounts on mobile, most users will still have to go through the regular old two-factor SMS process (Facebook also lets users generate their verification code through the Facebook app). Users with NFC-capable Android devices and the latest versions of Chrome and Google Authentication can use an NFC-capable key to verify their identity on the Facebook mobile website.
The challenge of using a security key with a mobile device is one Hill expects to see addressed in the future. Although access is currently limited to certain Android users, Hill says he anticipates more APIs on the Android platform that will support security keys — and that other platforms will follow suit.

Ready to activate your security key? Go to Security Settings in your account and click "Add Key." (Note: this will only work if you are using the Chrome or Opera browser.)
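As an added example, not Facebook's or any key vendor's code, this simulation shows why the security-key flow described above does not share the SIM-swap weakness of SMS codes: the key's response is bound to a fresh, single-use challenge and to the site origin the browser reports, so a replayed response or one produced for a look-alike origin fails verification, whereas an SMS code is accepted from whoever holds it. HMAC stands in for the key's signature, and the user name and origins are made up.

```python
import hashlib
import hmac
import secrets

# Constructed simulation. A real security key signs with a per-site asymmetric key;
# HMAC over a secret shared at registration is used here as a stand-in so the
# example runs with the standard library. The checks are what matter.
REAL_ORIGIN = "https://www.facebook.com"   # origin the key was registered with (assumed)


def sign(key_secret, challenge, origin):
    # The origin the browser actually reports is part of the signed data, so a
    # response produced on a look-alike site does not verify at the real one.
    msg = f"{challenge}|{origin}".encode()
    return hmac.new(key_secret, msg, hashlib.sha256).hexdigest()


class SecurityKey:
    """The USB/NFC token: it never reveals its secret, only answers challenges."""
    def __init__(self):
        self.secret = secrets.token_bytes(32)

    def respond(self, challenge, origin_seen_by_browser):
        return sign(self.secret, challenge, origin_seen_by_browser)


class RelyingParty:
    """The website: issues one-time challenges and verifies the key's responses."""
    def __init__(self, origin):
        self.origin = origin
        self.keys = {}       # user -> key secret recorded at registration
        self.pending = {}    # user -> outstanding challenge

    def register_key(self, user, key_secret):
        self.keys[user] = key_secret

    def begin_login(self, user):
        challenge = secrets.token_hex(16)
        self.pending[user] = challenge
        return challenge

    def verify(self, user, response):
        challenge = self.pending.pop(user, None)   # single use: a replay finds nothing
        if challenge is None or user not in self.keys:
            return False
        expected = sign(self.keys[user], challenge, self.origin)
        return hmac.compare_digest(expected, response)


def sms_second_factor(entered_code, code_sent):
    # An SMS code is a bare secret: whoever receives the message can submit it.
    return hmac.compare_digest(entered_code, code_sent)


def demo():
    rp = RelyingParty(REAL_ORIGIN)
    key = SecurityKey()
    rp.register_key("alice", key.secret)

    # 1. Legitimate login from the real site.
    ch = rp.begin_login("alice")
    legit = rp.verify("alice", key.respond(ch, REAL_ORIGIN))
    # 2. The same response presented again after it has been consumed.
    replayed = rp.verify("alice", key.respond(ch, REAL_ORIGIN))
    # 3. The browser is on a look-alike origin; the key signs that origin instead.
    ch2 = rp.begin_login("alice")
    wrong_origin = rp.verify("alice", key.respond(ch2, "https://facebook-login.example"))
    # 4. SMS: a code read from a SIM-swapped phone works for the interceptor too.
    code_sent = "482913"
    sms_intercepted = sms_second_factor("482913", code_sent)
    return {"legit": legit, "replayed": replayed,
            "wrong_origin": wrong_origin, "sms_intercepted": sms_intercepted}
```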

Russia foiled 70mn cyberattacks from foreign hackers in 2016


Nikolay Murashov, communications and security spokesman for Russia's intelligence agency, the Federal Security Service (FSB), revealed on Tuesday (January 24) that Russia repelled 70 million cyber attacks that endangered its information infrastructure. Testifying before a State Duma committee on information policy, the official added that most of the attacks in 2016 originated from abroad.

The development came after recent claims by the administration of former US president Barack Obama that Russia hacked into computer networks linked to the Democratic Party to tilt the 2016 presidential election in favour of the then-candidate Donald Trump. Obama vowed unspecified counter-measures.

Russia is considering measures to boost the security of all firms operating critical infrastructure. Murashov insisted that “at present, Russia has sufficient potential in the development of means of information security.”

While many major Russian companies, such as the state-controlled energy giant Gazprom and those in charge of critical railway infrastructure, are considered well protected, there are enterprises that remain particularly vulnerable to such attacks.

The comments were made during a committee meeting at which a new bill, titled "On the Security of Critical Infrastructure of the Russian Federation", was considered. It is aimed at boosting security for companies deemed to be part of Russia's critical infrastructure. The bill has reportedly been designed to ensure that companies are adequately equipped to defend themselves against potential cyber attacks. The bill also stipulates that critical infrastructure companies report potential hacking attempts against them to relevant state institutions and cooperate in subsequent investigations.

Once an entity is on the list, it will be obliged to purchase means for detecting and countering cyber warfare. The companies will be divided into three groups according to the degree to which their infrastructure is critical.

The draft bill is also reported to be aimed at preventing potential cyber attacks by imposing harsher punishments on cyber criminals. If passed, hackers targeting Russia's critical infrastructure could face up to 10 years in prison.