Officials worldwide culminated an 18 month effort this week to takedown Darkode, a cybercrime forum where hackers fraternized and shared malware, credit card information and more.
Tag Archives: hackers
Dozens arrested in international Darkode crackdown
International law enforcement agencies have arrested more than 60 people suspected of carrying out cybercrime associated with the Darkode forum.
The post Dozens arrested in international Darkode crackdown appeared first on We Live Security.
Adobe Flash zero-day vulnerabilities threaten your security
Last Friday, Adobe confirmed two new “critical” zero-day flaws in the Adobe Flash Player browser plugin 18.0.0.204 – and earlier versions – for Windows, Mac OS X, and Linux. Today, a third flaw was found. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages.
We recommend disabling Flash until the bugs are fixed.
Three “critical” Flash zero-day flaws in Adobe Flash Player discovered
Security experts say the two flaws were found in stolen files that were dumped earlier this month from Hacking Team, an Italian security firm that sells communication interception and surveillance software to governments around the world. The third one came from the same documents.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in their blog. “Depending on the privileges associated with the user account targeted, an attacker could install programs on the system, alter or delete data, create new accounts with similar user rights, or cause a denial-of-service.”
“Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015,” the blog said.
We recommend you do the following:
- Remove or disable Flash until Adobe sends out a fix.
- Once a patch is released by Adobe, update immediately.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Avoid visiting websites or following links provided by unknown or untrusted sources.
- Avoid clicking on links contained in emails or attachments from unknown sources.
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Affected systems:
- Adobe Flash Player 18.0.0.203 and earlier for Windows and Macintosh
- Adobe Flash Player 18.0.0.204 and earlier for Linux installed with Google Chrome
- Adobe Flash Player Extended Support Release 13.0.0.302 and earlier for Windows and Macintosh
- Adobe Flash Player Extended Support Release 11.2.202.481 and earlier for Linux
Shopping online just got a little more risky
One of the largest e-commerce platforms, Magento, has been plagued by hackers who inject malicious code in order to spy and steal credit card data or any other data a customer submits to the system. More than 100,000+ merchants all over the world use Magento platform, including eBay, Nike Running, Lenovo, and the Ford Accessories Online website.
The company that discovered the flaws, Securi Security, says in their blog, “The sad part is that you won’t know it’s affecting you until it’s too late, in the worst cases it won’t become apparent until they appear on your bank statements.”
Minimize your risk for identity theft when shopping online
Data breaches are nothing new. The Identity Theft Research Center said there were 761 breaches in 2014 affecting more than 83 million accounts. You probably recall the reports of Sony, Target, Home Depot, and Chic Fil A.
We have heard lots about what we as individual consumers can do to protect ourselves: Use strong passwords, update your antivirus protection and keep your software patched, learn to recognize phishing software, and be wary of fake websites asking for our personal information.
But this kind of hack occurs on trusted websites and show no outward signs that there has been a compromise. The hackers have thoroughly covered their tracks, and you won’t know anything is wrong until you check your credit card bill.
So how do you minimize the risk of online shopping?
- Use a payment service or your credit card– Experts agree that payment services like PayPal are safe because of their security practices and the encryption technology they use. Just don’t link it to your checking account. Link it to a credit card so you get your credit card’s fraud protections in addition to PayPal’s. If you only use a credit card, designate one card for online purchases so if something unusual happens, you don’t have to track down all your other cards.
- Keep a paper trail – Once you place your order, print or save records of the transaction. Check your credit card statement to make sure transactions match and there were no unauthorized charges.
- Avoid shopping while using public Wi-Fi – Unsecure public Wi-Fi hotspots do not give you any protection from hackers who want to monitor what you are doing online. It’s not difficult for someone to intercept and modify communications between you and another site. If you have to do it, then use a Virtual Private Network (VPN) so your communications will be encrypted.
What to do if you are caught in a data breach
- Get a new card – Either get a replacement card from the company or close your account.
- Change your passwords – If you have an account or have done business with any company that falls victim to a breach, then change your password ASAP. It’s a good idea to change all your passwords because hackers sell them to other cybercrooks.
- Monitor your bank and credit card statements – Don’t wait for your monthly statement to arrive in the mail. By then, a cybercrook could have done major damage. Check your online statement until your new card arrives. If you see any suspicious charges, report it immediately.
- Freeze your credit – you can request that your credit report be frozen from the three main credit bureaus; Equifax, Experian and TransUnion. This way, no one can access your credit report without your approval.
Weekend wrap-up: Cyber security news from Avast
Here’s your wrap up of security and privacy related news from the June 17 – 27 posts on the Avast blog:
It’s summertime in the Northern Hemisphere and many people are going on or planning their vacation. Beware of fake vacation packages and beautiful rental properties that are not as they seem. These Vacation scams can ruin your holiday, so read up before you become a victim.
More than 600 million Samsung phones were reported to be at risk because of a vulnerability found in the keyboard app SwiftKey. The best way to protect yourself is to use a virtual private network (VPN) when using an unsecured Wi-Fi hotspot. If you have a Samsung S6, S5, or S4, you need to read Samsung phones vulnerable to hacker attack via keyboard update.
As we learned from the Hola VPN service revelations, any old VPN service will not do. Hola was selling their users’ bandwidth and installing and running code on their devices without their knowledge or permission. Find out the details in Hola, Hola VPN users, you may have been part of a botnet!, and please share with an Hola user.
Mobile developer Martin Banas, attended Apple’s Worldwide Developers Conference in San Francisco. Besides spending lots of time standing in lines, he enjoyed meeting other developers and hearing the latest news about OS X El Capitan and Apple Pay. Weren’t able to attend, bit wish you could have? Martin’s conference report, Looking back at WWDC 2015, describes the event.
Remember the iCloud celebrity photo hack? There have been many theories bandied about since nude photos of female celebrities were posted on the web. We add our own two cents into the conversation. Avast security researcher Philip Chytry explains what he thinks the origin and motivation behind the hack was in iCloud celebrity photo hack: What’s happening?!
Major cybercrooks taken down
While the cybercrooks behind the iCloud hack have not been discovered, authorities had big wins this past week in other areas. The author and distributor of Blackshades malware was sentenced to nearly five years in a New York prison. A major cybercriminal organization responsible for banking Trojans Zeus and SpyEye was taken down. Read Businessman hackers brought down in USA and Europe.
More from the Edward Snowden files. It was revealed this week that U.S. and U.K. spy agencies were attempting to reverse engineer major antivirus companies software, including Avast’s. CEO Vince Steckler spoke to RT News about government spying in the computer age. You can read the article, Avast CEO speaks out about U.S. and U.K. spy agencies, and watch the interview here.
And if the real world of cybercrime is not enough, our favorite new show of the summer Mr. Robot debuted on the USA Network this past week. We excitedly watched the first episode then talked to Avast security expert, Pedram Amini, to find out Are the hacks on Mr. Robot real? or just Hollywood magic.
Follow Avast on Facebook, Twitter and Google+ where we will keep you updated on cybersecurity news every day.
Businessman hackers brought down in USA and Europe
Cybercrooks run their organizations like businesses these days. They have multinational offices, marketing departments, business development, and technical support teams. Maybe they also need some security…
Major cybercrooks taken down
Malware entrepreneur sentenced to 57 months in prison
One such malware entrepreneur, Alex Yucel, sold malware through a website that he operated, to other hackers. The Blackshades malware allowed hackers to remotely control their victims’ computers. They could do such things as log the victim’s keystrokes, spy through webcams, and steal usernames and passwords for email and other services. They could also turn their computers into bots which were used to perform Distributed Denial of Service (DDoS) attacks on other computers, without the knowledge of the victim.
Manhattan U.S. Attorney Preet Bharara said: “Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing – gain control of a computer, and with it, a victim’s identity and other important information. This malware victimized thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.” See the Department of Justice press release here.
Yucel sold the software for as little as $40 on PayPal and various black market forums. The profits from sales of the malware is estimated to be at $350,000. Yusel plead guilty to computer hacking and was sentenced to almost five years in a New York prison. Last year more than 100 customers of Blackshades were arrested in massive raids in Europe and Australia.
Cybercrooks business dismantled in Ukraine
In Europe, a joint investigation team brought down a major cybercriminal group in Ukraine. These high-level cybercrooks are suspected of developing, exploiting, and distributing well-known banking Trojans Zeus and SpyEye. The malware they developed attacked online banking systems in Europe and elsewhere. The damages are estimated to be over 2 million euros.
Their business was organized into specialty groups. Some ran a network of tens of thousands of computers, others harvested victims banking credentials such as passwords and account numbers, and others laundered their ill-gotten gains through money mule networks. This group of cybercrooks also had a marketing team that advertised on underground forums, sold their hacking services to other cybercrooks, and had a business development department seeking cooperation partners.
It took investigators and judicial authorities from six different European countries, supported by Eurojust and Europol, to stop this major cybercrime organization.
“In one of the most significant operations coordinated by the agency in recent years Europol worked with an international team of investigators to bring down a very destructive cybercriminal group,” said Rob Wainwright, Director of Europol.
Are the hacks on Mr. Robot real?
Last night the pilot episode of MR. ROBOT, a new thriller-drama series aired on USA Network.
The show revolves around Elliot who works as a cyber security engineer by day and is a vigilante hacker by night.
I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.
In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which lead him to discover that Rajid ran a child pornography website.
Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?
Pedram: Anyone with a just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.
Stefanie: Wow! That’s a bit frightening… How can I protect myself then?
Pedram: You can stay safe while using any public Wi-Fi network by using a Virtual Private Network (VPN). A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects your personal data, thus preventing hackers from accessing your files and other sensitive information stored on your device.
We actually found that more than half of Americans connect to free and open Wi-Fi networks and that of the 55% who do, 76% prefer networks that don’t require registration or a password to connect, yet only 6% use a VPN or proxy while connected to open Wi-Fi.
Fast forward to minute 10:55. We see Elliot with his therapist Krista, whom he hacked (hacking people is clearly his hobby 
).
Stefanie: Elliot says that hacking Krista was simple, because her password was her favorite artist and her birth year backwards. We know that you should always use a complex password, more than eight characters and that your password should include letters, numbers, and symbols, but do most people really have complex passwords? Could having simple passwords really put you at risk?
Pedram: Most people, unfortunately, do not have complex passwords. For example, we found that one-third of American’s router passwords contain their address, name, phone number, a significant date, and their child’s or pet’s name. Not only that, but last year we found that most hackers’ passwords were only 6 characters long and that the most frequently used word in their passwords was the word “hack”.
Having a simple password that is either a dictionary word or that is comprised of personal information can put you at risk
If you think about it, bits and pieces of our private lives are scattered on the Internet. Someone can easily do a quick Google search, check out some of your social media sites and with a little time and patience, they can figure out your simple password. Even worse, if you use the same password for multiple sites, you really make it easy for hackers to hack all of your accounts.
Moving forward to minute 25, Angela, Elliot’s friend and colleague, calls him for help because their client, E Corp, a multinational conglomerate, has been hit with a DDoS attack.
Stefanie: What is a DDoS attack? Can this affect the average computer user?
Pedram: DDoS stands for distributed denial of service attack and is used to make a service unavailable. In the end we discover that the attack on E Corp was actually based on rootkits that had subverted a variety of servers, but I’ll continue to describe a DDoS attack.
DDoS attacks are sent by two or more people, but more often by an army of bots AKA a botnet. These bots send so many requests to a server that the server becomes overloaded and cannot provide its service anymore. DDoS attacks target large businesses, so the average computer user does not become affected, unless the service they want to use is not available because it has been hit by a DDoS attack.
However, the average user can help facilitate a DDoS attack unknowingly. We researched home routers and found that millions are vulnerable. Routers are connected to the Internet 24/7 and can be easily exploited and used as a bot, which, as I explained, can be used in a DDoS attack. A famous example is the hack of the Sony Playstation Network and Xbox Live last Christmas – the hacker group claimed they used a router botnet for the attack.
To prevent this from happening, people should make sure their router firmware is always up-to-date and perform a router scan to check if their router is vulnerable or not.
In minute 55, Elliot tries to hack Krista’s new boyfriend, Michael. He calls Michael pretending to be a from his bank’s fraud department, confirming his address and asking him security questions to verify his account: what his favorite baseball team is, his pet’s name. Using the information he gathered combined with a dictionary brute force attack he attempts to get Michael’s password.
Stefanie: What is a brute force attack? Can this happen to the average user?
Pedram: A brute force attack is password guessing which systematically checks all possible passwords until the correct one is found. Think of it like a machine going through a huge dictionary of passwords that types each one into an account to unlock it.
Brute force was likely one of the techniques used in hacking the iCloud accounts which eventually lead to the nude celebrity pics from stars like Jennifer Lawrence and Kirsten Dunst being distributed over the Internet. This type of attack is not exclusively used against celebrities. Hackers can use brute force attacks to hack any user accounts, given they have account email addresses. Typically, they would target accounts that hold credit card or other financial information they can abuse for financial gain. This is why, again, it is vital you use strong passwords for all of your accounts.
Stefanie: Thank you for the chat Pedram. I look forward to discussing Mr. Robot’s next episode, Ones and zer0es with you next week!
You can watch MR. ROBOT on USA Network Wednesday nights 10/9 central.
Follow Avast on Facebook, Twitter and Google+ where we will keep you updated on the new Avast video podcast hosted by Pedram Amini.
LastPass Has Been Breached: Change Your Master Password Now
Luckily no passwords were actually stolen in the attack on LastPass last Friday, according to the Company’s Blog: “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.” Nonetheless account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
Because of that everyone using the LastPass service will receive a mail, prompting them to reset their master password, according to the blog entry. On top of that the company will also require users who log in from a new device or IP address to verify their ID via mail if multifactor authentication is not enabled for the specific account.
Considering your stored passwords the blog says: “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”
So apparently there is no need to change every password you have stored with them. You can if you are really really concered for your accounts, but according to LastPass there is no need for it. Just make sure none of the other passwords you use is the same as the master password of your LastPass account.
The post LastPass Has Been Breached: Change Your Master Password Now appeared first on Avira Blog.
Teenagers charged with cybercrimes
Forget about shoplifting or painting graffiti on the wall at midnight. Opportunistic teens are turning to cybercrime to get their kicks these days.
Teenage hackers range from pranksters to international kingpins.
A 14-year old boy in Florida was recently arrested and charged with a felony offense for unauthorized access against a computer system. The 8th grader said he was playing a prank on his teacher when he used the teacher’s administrative password to log onto a school computer and changed its desktop background to an image of two men kissing. The password was the teacher’s last name, and the prankster said he figured it out by watching the teacher type it in.
Across the country in California, two high school students were arrested for allegedly hacking into the school’s website and changing grades for about 120 students. It’s another case of “unauthorized access” and the school is working with the Cyber Crimes Bureau of the Los Angeles Sheriff’s Department to investigate.
Those two “cybercrimes” can’t compare to the one out of New Zealand. Police have detained an 18-year old they call the kingpin of an international cybercrime network. Together with other young adults in New Zealand, the US and elsewhere, he is accused of running a botnet comprised of 1.3 million hacked computers and skimming millions of dollars from victims’ bank accounts. The teen likely will be charged with having unauthorized access to computers and possessing computer hacking tools — charges that carry a maximum sentence of 10 years in prison.
Why are teens attracted to cybercrime?
One reason may be that it’s fun. Hackers were asked in a survey why they do it, and more than half said it provided them with a thrill. They also think they won’t get caught. Eighty-six percent of them aren’t worried about getting discovered or ever facing the consequences of their actions.
Others just want to prove their skills. Remember when the Australian teenager hacked Twitter because he was bored? That was back in 2009. When asked by The Independent why he did it, his response was, “To see if it could be done.”
The big rewards and rock-star status can be tempting. Rolling Stone did a story on a South Beach (Miami) 20-something year old hacker who had a glitzy, drug-fueled lifestyle while presiding over an international cybercrime ring that stole over 170 million credit and debit card numbers, estimated at $200 million.
Keep yourself safe online
It doesn’t really matter if it’s a bored teenager down the street or an underground cybercrime ring operating out of bunkers in a far away foreign land, you still need to take basic precautions to keep yourself and your data safe.
1. Make sure you have up-to-date antivirus protection with a firewall.
2. Keep your software and operating system up-to-date.
3. Be cautious of clicking on links in unfamiliar emails. Don’t provide personal information online, such as your password, financial information, or social security number, unless you are absolutely sure of where you are adn who you are dealing with.
4. Use strong passwords, and don’t use the same one for Facebook that you use for your bank. This blog has plenty of tips on how to create unique passwords and remember them too.
5. Learn what to do if something goes wrong. Find out who the appropriate authorities are in your area by contacting your Internet Service Provider or the Internet Crime Complaint Center.
Hackers invited to break Apple, Fitbit and Samsung devices at Defcon 2015
Internet of Things devices from the likes of Apple, Fitbit and Samsung will be pushed to their limits this August at the DefCon 23 conference, where hackers have been invited to test the latest gadgets for possible exploits.
The post Hackers invited to break Apple, Fitbit and Samsung devices at Defcon 2015 appeared first on We Live Security.
