Monday morning, March 6, 2017 started off with a teaser announcement from data breach storm chaser Chris Vickery over at MacOS security software specialists MacKeeper. The announcement stated that later in the morning the identity of a breach victim with 1.37 BILLION records compromised would be identified.
Wow 1.37 Billion is a LOT of records! For perspective, there are only about 300 Million people in the whole United States. A breach of that size can only happen to an organization that either has a lot of individual users/customers, a large government agency or perhaps a large scale data aggregator.
The Internet was immediately on fire with speculation as to who might have been breached… Facebook? Salesforce? Apple? Alibaba?
Well, a few hours later the mystery was solved when Chris Vickery revealed on the MacOS blog that the “victim” was one of the largest email spammers in the world! Wow, no one had that on their radar.
The spammers, who position themselves as legitimate marketers under the name River City Media, use automation and hacking techniques to send out an estimated 1 Billion emails a day with a team that numbers around a dozen. While everyone despises spam email, at some level you have to admire the sheer spamming scale that Alvin Slocombe and Matt Ferris, the River City Media principals, were able to operate at.
In addition to emails, the database contains real names, IP addresses and frequently physical addresses. It would appear that these details may be headed over to law enforcement authorities so “big brother” just got a huge windfall.
You can bet that this is only the beginning of the story and that much more will come to light in the months ahead. Certainly all the investigators involved, MacKeeper Security Research Center, CSOOnline, and Spamhaus deserve a huge helping of kudos for clearing up, at least a little bit, the inboxes of over a billion spam victims in one fell swoop.
You would think that a group of professional spammers would have appreciated and deployed the best security measures possible. It just goes to show that any operation, illegal or otherwise can be brought to a screeching halt when a data breach occurs.
Get proactive on challenging your own network security before it is too late. From executive assessments to vulnerability discovery and breach simulation Konsultek can help. Give us a call to find out how we can help you identify and quantify your network security risks in a proactive manner.
TechRepublic.com published an interesting interview last week with the hacker Kapustkiy, part of the hacking group New World Hackers.
It’s a quick and interesting interview that covers his life from the early days of hacking as a teen to where he stands today, a member of New World Hacking (NWH) which he considers to be the most elite hacking group at the moment.
Here are some of the highlights:
Kapustkiy refers to himself as “penetration tester”. “I wanted to make money [with my skills], so I do bug bounties.”
“I’ll try to find vulnerabilities (most of the time XSS) in websites of my country and I help the administrators to fix them or I’ll report the vulnerable so they could do it on their own. PS: I only spend time on finding vulns in big websites like banks or universities.”
“A lot people are asking me these kind of questions and the reason that I describe myself as a Security Pentester instead of a hacker is, because I like to help websites to improve their security so they are secured. I have always put my focus on Web/Network Security instead of other stuff. A “hacker” is in my opinion someone who has knowledge with everything.”
He considers what he does “not hard at all” and “easy to learn.” His inspiration came during his teen years when he read an article about LulzSec (one of his favorite hacking teams) and how they used simple attacks such as SQL injection.
After claiming to be behind the hacking of some high-profile embassies he reached out to NWH hoping to apply to their team. As he puts it, “Other groups are good,” he said, “but not as skilled as [New World Hackers].” NWH claimed responsibility for the crippling botnet attack that utilized IoT devices to bring down a swath of East Coast Internet providers late last year.
“In my opinion, it is legal when you only leak a little bit database to make them aware of it. Also report the vulnerable always and let them know that you try to help them.”
Kapustkiy offered up screenshots of ostensibly happy clients to TechRepublic who conducted the interview via encrypted applications that allowed the hacker to remain anonymous.
“The thing that motivates me a lot is that administrators appreciate that I try to improve their security better. I got a “thank you” of the Indian Embassy and the Italian Government and I was very proud of myself that they have fixed the vulnerable.”
By identifying weaknesses in your network security before they are discovered by external actors, Konsultek can build a custom security solution to close the gaps and prevent future breaches. If your organization is unclear as to how best protect your valuable information assets please give us a call. We’re here to help.
Through the years we’ve discussed all sorts of digital identity verifications from passwords to fingerprints to retinal scans. Until today however, we’ve never discussed the almighty hand-written signature since it has remained (thankfully) beyond the reach of cyberhackers and criminals.
Well, apparently even your signature might soon be “hackable” thanks to a new handwriting forgery program developed at the University College London.
What separates this new algorithm from past is its ability to flawlessly replicate the most human, individual aspects of a person’s signature.
When a handwriting expert examines a signature he focuses on a number of subtle nuances in order to verify that the signature is authentic. For example, the expert might look at:
1. How letters are joined together. Every person has a unique, well, “signature” when it comes to how letters are spaced and joined.
2. How the letters and characters are slanted and how they relate to one another spatially.
3. How thick the letters and characters are. This varies by not only what characters are being scribed but also by the ink flow from the pen.
The new algorithm, after analyzing as little as 1 paragraph of cursive writing, can apparently flawlessly reproduce the volunteer’s (or victim’s) signature.
Let’s hope that this technology doesn’t become too commonplace too soon or offline identity hacks might just become more problematic than their electronic counterparts.
When it comes to digital information security, including scanned signatures, Konsultek stands between your most valuable assets and the nefarious elements who are constantly trying to steal them. No matter what your industry and no matter how large or small your organization your security is OUR business. If you are looking for a partner you can trust in your secure future then stop looking and simply give us a call!
In the first of the “Top Hacks of 2016” lists I’ve seen this year (they seem to start earlier each year, similar to holiday shopping!) Tech.co has published their top 10 list.
1. World Anti-Doping Agency
4. Democratic Party
The post on Tech.co doesn’t explicitly state whether or not the hacks are listed in order of decreasing severity. Personally, I would re-order the list and put the DNC (because of the potential ramifications it had on the election) or Yahoo (because of the sheer scope) at the top of the list.
Nonetheless, a solid list in a year when paring such a list down to just 10 is a challenge!
What do you think? Any egregious omissions? How would you order the list?
At Konsultek we specialize in customized security solutions and managed security solutions for organizations of all types. Education, finance and healthcare are just a few of the dozens of different niches our security experts work in every week. If you are ready to learn more about your secure future, please give us a call.
Our partners at proofpoint just released their 3rd Quarter Threat Summary which you should grab here.
Here is a quick overview, by category, of what’s been trending in the way of information security threats over the past 3 months.
By integrating advanced threat protection from proofpoint, Carbon Black, Forescout and others, Konsultek develops customized security plans for clients all industries and all sizes. If you are ready to proactively secure your organization, give us a call to discuss your unique situation.
You would have to be living under some sort of information security rock this week to have not heard about the massive breach at the popular cloud storage service Dropbox.
The breach, at 68,000,000 plus users, is a large one to say the least and it also means that your credentials have been leaked just as mine were if you have been a long-time Dropbox user.
Rather than rehash the breach, I thought I would make this post more of a Public Service Announcement aimed at helping our small and medium sized business clients (who often use Dropbox) navigate the breach.
First, you should head over to haveibeenpwned.com and see if in fact you have been pwned. If you are like me and use your primary email for a number of site subscriptions you will likely see a screen like this:
Now, if you are the type of person who uses the same password for multiple accounts (Shame on you! After all, you are reading an information security blog!) you should probably set aside an hour or two and start the arduous process of changing passwords at all of your critical accounts such as banking, financial services, email accounts, website accounts, airline accounts etc.
If you are not a password reuser then this latest Dropbox incident is a relatively minor hassle once you get past the fact that there is a chance that anything that was stored in your Dropbox account has been stolen.
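The haveibeenpwned.com check above has a companion for passwords themselves: the Pwned Passwords service answers a query for the first five hex characters of a password's SHA-1 hash with every hash suffix it has seen for that prefix, so the full password (or even its full hash) never leaves your machine. The example below is added here and is not code from the original post or from haveibeenpwned.com; it reproduces that k-anonymity lookup offline against a constructed range response, and the breach counts in the sample are made up. The `fetch_range_live` function shows the real request shape but is not called.

```python
"""Offline demonstration of the k-anonymity lookup used by Pwned Passwords.

Real usage: GET https://api.pwnedpasswords.com/range/<5-char SHA-1 prefix>
returns lines of "<35-char hash suffix>:<count>". Only the prefix is sent.
Added example; the sample response below is constructed, not real data.
"""
import hashlib
from typing import Callable, Dict, Tuple

HEX = set("0123456789ABCDEF")


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the service and the 35-char suffix that stays on the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; malformed lines are skipped
    rather than allowed to crash the check."""
    table: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        suffix, count = suffix.strip().upper(), count.strip()
        if not sep or len(suffix) != 35 or not set(suffix) <= HEX or not count.isdigit():
            continue
        table[suffix] = int(count)
    return table


def check_password(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times the password appears in the breach corpus
    according to the range fetched for its prefix; 0 means not found."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def fetch_range_live(prefix: str) -> str:
    """The real network call (not executed in this demo); the service asks
    for a descriptive User-Agent."""
    import urllib.request
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"User-Agent": "example-password-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the service: one range (prefix 5BAA6, the prefix of
# SHA-1("password")) with invented counts; every other prefix returns nothing.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": "\n".join([
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234",   # suffix of SHA-1("password")
        "not-a-valid-line",                            # ignored by the parser
    ]),
}


def sample_fetch(prefix: str) -> str:
    """Offline replacement for fetch_range_live."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "a long unique passphrase for one site"):
        n = check_password(pw, sample_fetch)
        print(f"{pw!r}: {'seen ' + str(n) + ' times' if n else 'not found'}")
```

Because the lookup key is the hash prefix, the same `check_password` can be wired to `fetch_range_live` in a signup or password-change handler to reject credentials already circulating in breach dumps, without ever transmitting the password.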
Have you seen this email?
If not, then ostensibly you were not compromised in the breach but my advice would be to follow the steps below anyway!
If so, then you’ll want to log out of your Dropbox account and log back in.
That should elicit this message:
Which will lead to this email message:
Which leads to this:
And Voilà, your password has been changed and your account is secure once more!
Reusing passwords, weak passwords, insufficient prevention technologies, sub-standard detection and response technologies are all important facets of information and network security. And, guess what? These are all facets that Konsultek addresses each time we work with a client.
If you are ready to upgrade your security, give us a call. We are here to help.
In a narrative that could have been lifted from a Tom Clancy novel, reports surfaced this week that an elite hacking group with ties to the NSA had been hacked and a treasure trove of their hacking tools stolen.
According to theHackerNews.com, the elite covert hackers known as the “Equation Group” have been hacked and a portion of their toolkit has been released publicly. Another portion of their most potent tools and exploits is apparently up for sale at auction with an asking price of $1 Million Bitcoins!
Source: Washington Post
The hackers, who go by the name “The Shadow Brokers” had this to say about their stunning hack:
“We follow Equation Group traffic,” says the Shadow Broker. “We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.”
While the authenticity of the hack was at first questioned, many security experts from free-lancers to Kaspersky have examined the publicly leaked materials and have concluded that they are indeed products from Equation Group.
In an update to the rapidly unfolding story, security expert Matt Suiche spoke with an anonymous source who used to work in the NSA’s TAO (Tailored Access Operations) unit. The credible source indicated that the leaked files were stored on a physically isolated network and that either an inside mistake or purposeful act brought the files into contact with the outside world.
For certain, this story is not over yet and probably won’t be for some time. Will the final plot twists be as interesting as something penned by Clancy? We’ll have to wait and see!
In the meantime, if you have security concerns about your information and network please pick up the phone and speak with one of our operatives, um I mean team members!
As big financial corporations become smarter about security and better at identifying and preventing costly financial fraud the criminals are turning towards a less sophisticated, yet profitable target – small and medium size businesses.
According to the Wall Street Journal, the scam, called “wire-wire” in Nigeria, involves hi-jacking legitimate purchase orders by first infiltrating a company’s email service.
This is a more sophisticated variant of a similar scam where hackers create fake emails that fool employees and vendors into believing they are receiving instructions (typically to make payment to a third party) from a C-Level executive whose instructions are trusted implicitly.
It all begins with the hackers infiltrating the email account of either a seller or vendor and inserting themselves into an email conversation that involves a high value transaction. Once a part of the conversation, the criminal hi-jacks a purchase order, alters it to reflect fraudulent banking information and then sends it along to the intended party.
The unsuspecting party then makes payment leaving the criminals rich, the seller poor and the vendor completely confused!
Most small businesses use 3rd party, cloud-based email platforms because they are less expensive than self-hosted email solutions on dedicated servers. Unfortunately, these cloud platforms can be less secure and prone to 3rd party infiltration. And, since the scammers only need access to one party, even if one of the companies is doing everything correctly and securely, it can be compromised by its partner in the transaction.
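Because the attacker in the scenario above writes from a genuinely compromised mailbox, sender reputation and spam filtering do not catch the altered purchase order; what does is comparing the payment instructions in the message against bank details confirmed with the vendor out of band. The following is an added example, not code from the original post or from any vendor named here: it screens a plain-text email for the signals described above (a changed IBAN versus a vendor master record, a Reply-To that diverts the thread elsewhere, a lookalike sender domain, and "our account has changed" wording). The vendor master, domains and messages are all constructed.

```python
"""Heuristic screening of a payment-instruction email for the "wire-wire"
purchase-order hijack pattern. Added example; all data below is constructed."""
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, List, Optional

# Constructed vendor master: IBAN confirmed with each vendor by phone to a
# number on file, keyed by the vendor's real email domain.
VENDOR_MASTER: Dict[str, str] = {
    "acme-supply.example": "DE89370400440532013000",
}

IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")
CHANGE_WORDS = ("changed", "new bank", "updated", "new account", "different account")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    reason: str


def domain_of(header_value: Optional[str]) -> str:
    """Lower-cased domain of an address header; '' if the header is absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains (acme-supp1y vs acme-supply)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def known_vendor_for(domain: str) -> Optional[str]:
    """The vendor domain itself, or the vendor a lookalike domain imitates."""
    if domain in VENDOR_MASTER:
        return domain
    for known in VENDOR_MASTER:
        if levenshtein(domain, known) <= 2:
            return known
    return None


def screen_payment_email(raw: str) -> List[Finding]:
    """Return findings for a raw RFC 822 message (plain text body assumed)."""
    msg = message_from_string(raw)
    findings: List[Finding] = []
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To")) or from_domain

    # Signal 1: replies are steered away from the mailbox the thread started in.
    if reply_domain != from_domain:
        findings.append(Finding("high", f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'"))

    # Signal 2: sender domain is a near-miss of a real vendor domain.
    vendor = known_vendor_for(from_domain)
    if vendor and vendor != from_domain:
        findings.append(Finding("high", f"From domain '{from_domain}' looks like vendor domain '{vendor}'"))

    # Signal 3: bank details in the body differ from the confirmed master record.
    body = msg.get_payload() if not msg.is_multipart() else ""
    ibans = set(IBAN_RE.findall(body))
    if vendor:
        unexpected = sorted(i for i in ibans if i != VENDOR_MASTER[vendor])
        if unexpected:
            findings.append(Finding("high", f"IBAN {', '.join(unexpected)} does not match master record for '{vendor}'"))
    elif ibans:
        findings.append(Finding("medium", "bank details supplied by a sender not in the vendor master"))

    # Signal 4: the message itself announces a change of account.
    if ibans and any(w in body.lower() for w in CHANGE_WORDS):
        findings.append(Finding("medium", "message announces changed bank details alongside an account number"))
    return findings


# Constructed messages: a hijacked thread sent from the vendor's real mailbox,
# and a normal invoice from the same vendor.
HIJACKED_THREAD = """\
From: Dana Ortiz <dana@acme-supply.example>
Reply-To: dana.ortiz.acme@webmail-free.example
To: ap@buyer.example
Subject: RE: PO 4471 - remittance

Hi, quick note before you pay PO 4471: our bank account has changed.
Please remit to IBAN GB29NWBK60161331926819 instead of the old one.
Thanks, Dana
"""

CLEAN_THREAD = """\
From: Dana Ortiz <dana@acme-supply.example>
To: ap@buyer.example
Subject: RE: PO 4471 - remittance

Invoice attached. As usual, IBAN DE89370400440532013000. Thanks, Dana
"""

if __name__ == "__main__":
    for label, raw in (("hijacked", HIJACKED_THREAD), ("clean", CLEAN_THREAD)):
        print(label, [(f.severity, f.reason) for f in screen_payment_email(raw)])
```

Any "high" finding should route the payment to a manual callback to the vendor's number on file rather than to the number in the email, since the email thread itself is what the attacker controls.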
Whether you choose to have us help create a secure email system for you or you rely on one of our managed solutions, we have the expertise to cut the “wire-wire” cord and help ensure that your hard earned cash is sent to the place you intended for the purpose you intended. Give us a call today to learn how we keep organizations just like yours safe from cyber criminals and hackers every day.
We wouldn’t be on the cutting edge of topicality if we didn’t have a post about Pokemon Go and fortunately, thanks to the hacking group PoodleCorp, we are happy to be able to bring you a post about Pokemon GO AND Info Sec all tied together!
Softpedia broke the exclusive story of DDoS failure to launch on Aug 3. Initial reports were that hacking crew PoodleCorp’s planned Aug 1 DDoS was waylaid by an external hacker who hacked their site, dumped the database, and shared it with data breach index service LeakedSource who tweeted news of the breach to their followers.
In response to the LeakedSource Twitter proclamation of the breach, PoodleCorp fired back through a popular YouTuber that the leak was not a result of hacking but rather the inside work of a disgruntled partner.
PoodleCorp also apparently fired off multiple DDoS attacks against LeakedSource, to no avail, in retaliation for LeakedSource’s announcement.
Not ones to apparently shy away from a little friendly DDoS gamesmanship, LeakedSource trolled the leaked database and reportedly found PayPal transaction information as well as the “full address information on 3 members, which we plan on reporting to the relevant authorities.”
Not sure if that counts as “check mate” but certainly well played LeakedSource!
At Konsultek we know that information security is not a game, but rather serious business. If you feel as though you’ve been played or want to keep from being played by hackers and cybercriminals, just pick up the phone and give us a call. Our team is always ready to take on new challenges and to help you and your business stay secure.
In November 2014 we reported on the vibrancy of the underground marketplace for all things hacking related in our post titled RAND Report “Markets for Cybercrime Tools and Stolen Information: Hackers’ Bazaar”.
In this post we’ll be revisiting the topic armed with fresh data and insights from the recently released DELL SecureWorks Underground Hacker Markets 2016 Annual Report, their 3rd installment in the series that was first published in 2013.
One of the most interesting things about the “underground” services market is just how much energy and effort is being expended to make the marketplace a more comfortable and convenient place for shoppers.
DELL SecureWorks found numerous examples of this improved customer experience including:
All of this is good news for those looking to use these criminal services for personal or corporate gain! DDOS attacks, email account hacking, social media hacking and complete legitimate business dossiers (Russian businesses) including bank accounts, tax identification numbers and articles of incorporation can now be procured easier than ever.
While all of this is good news for the criminals it puts legitimate organizations like yours at more risk. Why? Because all markets require buyers and sellers to function and the easier and safer it becomes for buyers to participate, the more demand will increase. As demand increases so does price. And, in order to meet the increased demand and take advantage of elevated prices hackers will be working harder and harder to increase supply.
The DELL report is filled with pricing data for credit cards, personal information, hardware and hacking services. Historical information is not complete but at a glance it appears that prices have been climbing for credit card and personal information as shown below.
Source: DELL SecureWorks Underground Hacker Markets 2016 Annual Report
Here at Konsultek we develop custom security solutions. From education and firewalls, intrusion detection, malware prevention and endpoint detection we have the experience and technologies to develop the correct solutions for your organization. Give us a call today to begin a dialogue about your unique situation.