Month: February 2015

Hacker Who Leaked Madonna’s “Rebel Heart” Album Indicted in Israel


Adi Lederman, 39, is accused of hacking into the cloud storage accounts of three individuals (Sara Zambrano, Angie Teo and Kevin Antunes) who work with the artist and have access to unreleased music files.

Financial gain seems to be the goal

According to the court document obtained by The Hollywood Reporter, Lederman also pilfered an office email account called “osearyoffice,” suggesting that it was used by Madonna’s manager, Guy Oseary.

The hacker was arrested after a month of investigative efforts by a private investigation company, the FBI and the cyber-crime unit of Lahav 433, Israel’s equivalent of the FBI that investigates national crimes.

The illegally obtained data was sold to different third parties for amounts between several tens of dollars and $1,000 / €890, and sometimes even more, as per the court documents.

It is unclear how the hacker managed to gain access to the private cloud storage accounts, but spear-phishing is used in most such cases. The victim receives a fraudulent email containing a link to a fake log-in page for the service, which captures the credentials and sends them to the attacker.

Unless two-factor authentication (2FA) is supported and enabled, the perpetrator has unfettered access to the account based on the stolen username and password.

Hacker tried to erase some incriminating evidence

Lederman has been charged with computer trespassing, prohibited secret monitoring and additional computer trespassing, copyright infringement and obstructing an investigation.

The last accusation is based on the fact that the defendant contacted one of his buyers, identified as Craig Lunti, via email and asked him to delete all correspondence between them since authorities would initiate an investigation into the matter.

Some of the songs Lederman managed to steal were leaked to different websites last year, which would spoil the release of the album, scheduled for March 6.

Upon the arrest, the police seized multiple items from Lederman’s house, all of them believed to be stolen material from other artists.


Alleged Aussie Anon hauled in for Indonesia phone tap hacking spat


A Melbourne man has been charged with instigating an Indonesian-led hack of Australian intelligence websites as an alleged member of the Anonymous collective.

Matthew John Hutchison, 21, faced Melbourne Magistrates Court this week over allegations he convinced Indonesian Anonymous hackers angry over October 2013 revelations that Canberra spied on Jakarta to rip into the websites of ASIO, the Defence Signals Directorate (ASD) and ASIS.

After the Indonesian hackers brought down web properties for Australian private businesses such as Danny’s Dry Cleaning in the strikes, Hutchison is alleged to have published a video urging his apparent colleagues to target the government assets and threatening retaliation if they did not “leave innocent bystanders out of it”.

Hutchison’s alleged multimedia threats escalated to potential “cyberwar” in a second video.

It is unknown if the allegations suggested Hutchison was linked to the @Op_Australia Twitter account responsible for much of Anonymous’ Australian rhetoric.

Entities using the name and iconography of Anonymous (EUTNAIOA) then claimed to have attacked Indonesian web presences and a social media keyboard bashing frenzy ensued.

Hutchison is charged with federal offences of “urging unknown person to commit an offence of causing an unauthorised impairment of electronic communication to or from a computer” and faces a committal mention on 8 April.

Lenovo’s website hijacked, apparently by Lizard Squad


Lenovo’s no good, very bad week of security may be getting worse — its website appears to have been hacked, likely in response to the Superfish scandal. This afternoon some visitors trying to access the site instead get a slideshow of webcam pics of kids sitting at their computer, along with a link to a Twitter account claiming to represent the hacker group Lizard Squad — all set to the sounds of “Breaking Free” from High School Musical. The HTML code says this “new and improved rebranded” site is featuring Ryan King and Rory Andrew Godfrey — two people that some internet posters have identified as members of Lizard Squad.

Update: It gets worse — Lizard Squad’s DNS hijack meant it was able to intercept Lenovo email as well, until Cloudflare shut it off. Ars Technica spoke to the company, which said it seized the account used and was able to update the MX records used for email to cut off the email interception. One message apparently caught claimed that Lenovo’s Superfish removal tool had bricked a customer’s Yoga laptop. That may not be the end though, as the group claims it will be combing through the “dump” of captured data soon.

[Thanks, Mark]

Not everyone is seeing the replacement page though — for our staff it only appears over certain connections, but not others — so it could be a DNS redirect that hasn’t hit everywhere. Security researcher Jonathan Zdziarski points out that the DNS entry is now redirecting to a Cloudflare server, which explains what’s going on, although it doesn’t fix it for anyone still trying to reach the site. We’ve contacted Lenovo about the situation, but have not received a response yet.


More than 1 million WordPress websites imperiled by critical plugin bug


More than one million websites that run on the WordPress content management application run the risk of being completely hijacked by attackers exploiting a critical vulnerability in most versions of a plugin called WP-Slimstat.

Versions prior to the recently released Slimstat 3.9.6 contain a readily guessable key that’s used to sign data sent to and from visiting end-user computers, according to a blog post published Tuesday by Web security firm Sucuri. The result is a SQL injection vector that can be used to extract highly sensitive data, including encrypted passwords and the encryption keys used to remotely administer websites.

“If your website uses a vulnerable version of the plugin, you’re at risk,” Marc-Alexandre Montpas, a senior vulnerability researcher at Sucuri, wrote. “Successful exploitation of this bug could lead to Blind SQL Injection attacks, which means an attacker could grab sensitive information from your database, including username, (hashed) passwords and, in certain configurations, WordPress Secret Keys (which could result in a total site takeover).”

The WP-Slimstat secret key is nothing more than the MD5 hash of the plugin’s installation timestamp. An attacker could use the Internet Archive or similar sites to determine the year a vulnerable site was put online. That would leave an attacker with about 30 million values to test, an undertaking that could be completed in about 10 minutes. Once the secret key has been divined, the attacker can use it to pull data out of the database.
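The keyspace arithmetic above, set beside a hardened key and a self-audit check, as an added example that is not code from WP-Slimstat or Sucuri. It assumes the timestamp is Unix seconds hashed as a decimal string; the function names and sample dates are hypothetical and constructed for illustration.

```python
import hashlib
import math
import secrets
from datetime import datetime, timedelta, timezone


def weak_key(install_ts: int) -> str:
    # Derivation as the article describes it: MD5 of the install timestamp.
    # Assumption: Unix seconds rendered as a decimal string.
    return hashlib.md5(str(install_ts).encode()).hexdigest()


def strong_key() -> str:
    # Hardened form: 256 bits from the OS CSPRNG, tied to no guessable value.
    return secrets.token_hex(32)


def keyspace_bits(start: datetime, end: datetime) -> float:
    # Effective entropy when the install time is only known to lie in
    # [start, end): one candidate key per second.
    return math.log2(int((end - start).total_seconds()))


def is_timestamp_derived(key: str, start: datetime, end: datetime) -> bool:
    # Audit a key you hold: does it equal MD5(t) for any second in the window?
    lo, hi = int(start.timestamp()), int(end.timestamp())
    return any(weak_key(t) == key for t in range(lo, hi))


# Constructed sample values, not taken from any real site.
SAMPLE_INSTALL = datetime(2014, 6, 15, 12, 0, 0, tzinfo=timezone.utc)
DAY_START = datetime(2014, 6, 15, tzinfo=timezone.utc)
DAY_END = DAY_START + timedelta(days=1)

if __name__ == "__main__":
    year = (datetime(2014, 1, 1, tzinfo=timezone.utc),
            datetime(2015, 1, 1, tzinfo=timezone.utc))
    print(f"one-year window: {keyspace_bits(*year):.1f} bits of entropy")
    legacy = weak_key(int(SAMPLE_INSTALL.timestamp()))
    print("legacy key flagged:", is_timestamp_derived(legacy, DAY_START, DAY_END))
    print("random key flagged:", is_timestamp_derived(strong_key(), DAY_START, DAY_END))
```

A key flagged by the audit should be rotated to a random one after updating the plugin, since its strength never exceeded the uncertainty about the install date.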

WP-Slimstat is an analytics tool. Its listing on WordPress shows it has been downloaded more than 1.3 million times. People who operate websites that use the plugin should update immediately.


How to Protect Yourself from Social Engineers


According to information security services professionals, social engineering techniques are being used by unscrupulous people to gain access to facilities and assets, both online and offline. From being tricked into giving out your email password over the phone to someone digging through your dumpsters for discarded paperwork, there are many ways in which someone can compromise your company's security.

Social engineer and digital forensics expert Jorge Rios suggests that “critical thinking” should be used to deal with these social engineering attempts. Critical thinking means thinking twice about what you are doing or being asked to do. Armed with this approach and a little preparation, you should be able to protect yourself from these hacking attempts.

The ethical hacking course in Mexico teaches how to protect yourself from social engineers. Information that companies consider sensitive is thrown out every day in ordinary trash cans. Attackers can successfully recover this data by literally climbing into the company's dumpsters. Information such as names, Social Security numbers, addresses, phone numbers, account numbers, balances, and so on is thrown out every day somewhere.

According to digital forensics investigator Jorge Rios, I personally know of a nationally recognized movie rental company that still uses carbon paper in its fax machine. Once the roll runs out, they simply throw the whole thing in the dumpster. The information on that roll is valuable, including names, addresses, account numbers, phone numbers, how much they actually pay for their movies, and so on.

Another social engineering attack that also proves very successful, according to information security services experts, is when an attacker dresses in the uniform of personnel considered “honest” and “important” or even “expensive”. For example, an attacker buys or steals the uniform of a courier or of a telephone, gas or electric company employee and shows up carrying boxes, tools, etc., and perhaps even an “official-looking” ID card or a cart loaded with “equipment”.

These attackers often have unchallenged access throughout the building. When was the last time you challenged one of these people to verify their credentials? A viable solution against social engineering is for employees to take courses such as the ethical hacking course in Mexico. To learn more, contact the International Institute of Cyber Security or

Last Year’s Celeb Hack Haunts Kris Jenner, Hacker Blackmails Her


The details are scarce at the moment, and they are likely to remain so at least for a while, since they are to be revealed in the 10th season of the reality show Keeping Up with The Kardashians.

Sheriff’s department has been alerted

According to TMZ, which learned about the alleged blackmail, Kris Jenner tells her family that she’s the victim of a hacker who has videos of her naked, captured by surveillance cameras in the house.

It appears that she even filed a criminal complaint with the L.A. County Sheriff’s Department about all this.

Last year’s celeb hack, dubbed “The Fappening,” exposed private pictures of a good deal of celebrities on anonymous image boards, and some individuals even created separate websites offering access to the private content stolen from iCloud.

Because of a major security flaw, an individual who knew the username of the victim could run a brute-force attack on the iCloud log-in page to learn the corresponding password. Only users with two-factor authentication (2FA) would be protected against this attack.

Software can connect IP cameras to iCloud

Until more details emerge, we cannot but speculate about how the hacker managed to access the private data; and many may think that Jenner’s story sounds a bit strange and it is nothing but a stunt to promote her show because the data from the incident had been uploaded from an iDevice.

However, there are applications that can upload video from IP cameras straight into someone’s iCloud storage, which could have been hacked.

The one we found has some limitations, though, and it supports a total of three IP cameras, whose video stream can be automatically uploaded to Apple’s cloud and can be watched from a mobile device.

On the other hand, many users fail to properly secure access to surveillance cameras and maintain the default credentials from the manufacturer, at the same time keeping them reachable from the web.

This would be unlikely in Jenner’s case, but a phishing attack tricking a user into providing the log-in details for the administration console of the IP camera is a likely possibility.


Google Vietnam back to normal after apparent ‘Lizard Squad’ hack


The Vietnamese site of Google was inaccessible around noon on Monday as a group of hackers called Lizard Squad appeared to have taken over and disrupted the popular search engine service.
Many Internet users in Vietnam said they were unable to reach the site from 12:30 p.m., with a message on their computer screens saying the site was no longer safe.
Those who chose to bypass the warning and attempt to access the site would see a picture of a man apparently trying to take a selfie and the following message: “Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)”.
The problem was fixed at 2:30 pm and the site seems to be running as usual.

The Twitter account of the group, @LizardCircle, gained some 500 new followers within those two hours.
Some angry tweets demanded that the hackers back off.
Google Vietnam told Thanh Nien that the company “acknowledged that Google Search’s interface was redirected,” but refused to comment further.
It is uncertain if this Lizard Squad group of hackers is also the one who claimed responsibility for recent high-profile cyber attacks, including the attacks that took down the Sony PlayStation Network and Microsoft’s Xbox Live network last December.
Lizard Squad also claimed that it was behind the January 27 attack that temporarily blocked several major web sites, including Facebook and its photo-sharing app, Instagram.
But Facebook later denied this, saying an internal software networking error was to blame.