Month: April 2015
Ottawa – Federal police arrested a Canadian woman Wednesday accused of remotely taking over people’s computers and spying on them using their own webcams.
The 27-year-old suspect, who allegedly leads an online hacker forum with 35,000 members worldwide, used malicious software to infect and take over others’ computers, the Royal Canadian Mounted Police said in a statement.
She is believed to be “at the origin of a botnet, i.e. a group of computers infected by a virus and remotely controlled by a hacker,” police said, declining to identify her.
From her home in Saint-Alphonse-Rodriguez, Quebec, the woman allegedly eavesdropped on private conversations and communicated with victims through the speakers of their infected computers.
Police said she also “frightened her victims,” including children, by taking over control of their computers and logging on to extreme pornography websites.
Police also seized control of her web forum and shut it down.
In the last few weeks a new security researcher, “Milan A Solanki”, was actively reporting security bugs to PayPal and eBay Inc. One of his valid and verified issues was exclusively disclosed by the Vulnerability Laboratory infrastructure. In April, Milan A Solanki discovered a remote code execution vulnerability in the marketing online service web application of PayPal. The issue was marked as critical with a CVSS score of 9.3.
The Java Debug Wire Protocol (JDWP) is the protocol used for communication between a debugger and the Java virtual machine (VM) which it debugs (hereafter called the target VM). JDWP is one layer within the Java Platform Debugger Architecture (JPDA). JDWP does not use any authentication and could be abused by an attacker to execute arbitrary code on the affected server.
The tool he used was IOActive's well-known jdwp-shellifier script. He scanned the marketing site and found port 8000 open (pre-auth); once the connection was accepted, he executed his own code/commands and then disclosed the remote code execution issue to the official PayPal Inc. bug bounty program. Within one week the PayPal security team verified the vulnerability, and it patched the bug within two weeks after disclosure.
The security researcher recorded a security video to demonstrate the vulnerability in a live hack session. The video is also available in our fresh feed and demonstrates the security risk of the vulnerability.
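Because JDWP has no authentication, the defensive question is whether any JVM in an estate was started with a listening debug agent. The following is an added example, not part of the original report: it audits JVM command lines for JDWP agent options and flags those that listen beyond loopback. The command lines are constructed samples, and the Java major version is passed in because a bare `address=<port>` listens on every interface before JDK 9 and on loopback only from JDK 9 onward.

```python
import re
import shlex

# Both spellings load the same agent: the modern -agentlib form and legacy -Xrunjdwp.
JDWP_ARG = re.compile(r"^(?:-agentlib:jdwp=|-Xrunjdwp:)(.*)$")
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample command lines (not taken from any real host).
SAMPLE_BARE_PORT = ("java -agentlib:jdwp=transport=dt_socket,server=y,"
                    "suspend=n,address=8000 -jar app.jar")
SAMPLE_ALL_IFACES = ("java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,"
                     "address=0.0.0.0:8000 -jar app.jar")
SAMPLE_NO_DEBUG = "java -Xmx512m -jar app.jar"


def parse_jdwp(cmdline):
    """Return the JDWP agent sub-options of a java command line, or None."""
    for arg in shlex.split(cmdline):
        match = JDWP_ARG.match(arg)
        if match:
            pairs = (kv.split("=", 1) for kv in match.group(1).split(",") if "=" in kv)
            return dict(pairs)
    return None


def audit(cmdline, java_major):
    """Classify one JVM command line as a (status, detail) pair."""
    opts = parse_jdwp(cmdline)
    if opts is None:
        return ("ok", "no JDWP agent")
    if opts.get("server", "n") != "y":
        # server=n: the JVM connects out to a debugger instead of listening.
        return ("review", "attaches to debugger at " + opts.get("address", "?"))
    host, _, port = opts.get("address", "").rpartition(":")
    if not host:
        # Bare port: JDK 9+ listens on loopback only, older JDKs on every interface.
        host = "localhost" if java_major >= 9 else "*"
    where = f"{host}:{port or 'ephemeral'}"
    if host in LOOPBACK:
        return ("ok", "debug port limited to " + where)
    return ("exposed", "unauthenticated debug port on " + where)


if __name__ == "__main__":
    for line, major in [(SAMPLE_BARE_PORT, 8), (SAMPLE_BARE_PORT, 11),
                        (SAMPLE_ALL_IFACES, 11), (SAMPLE_NO_DEBUG, 8)]:
        print(major, audit(line, major))
```

A loopback-only result still deserves a look on shared hosts, since any local user can reach the port.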
When could a denial of service attack have lethal consequences? It could be fatal if it is launched at a “crucial point” during a surgery which is being conducted over the Internet by a surgeon via a teleoperated robot.
When a surgeon cannot physically be in a specific location, but a robot could, then telesurgery could allow a surgeon to operate via a robotic system from a remote location; teleoperated surgical robots could be used to save lives in underdeveloped rural areas, locations affected by natural or human-caused disasters and battlefield scenarios. Yet security has not been a concern for telerobotic surgery, even though there is a 20% yearly increase in the number of robots sold. The authors of a recent research paper asked, “What if the computer systems for these robots are attacked, taken over and even turned into weapons?” They referenced Stuxnet as an example of what can happen when a cyber-physical system, aka embedded system, is targeted.
A team of bright minds from the University of Washington Departments of Electrical Engineering and of Computer Science and Engineering identified “a slew of possible cyber security threats.” During research supported by the National Science Foundation, they were able to “maliciously control a wide range of robots functions, and even to completely ignore or override command inputs from the surgeon.” But those aren’t the only attacks they demonstrated in “To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots.” They also found “that it is possible to abuse the robot’s existing emergency stop (E-stop) mechanism to execute efficient (single packet) attacks.”
The researchers set out to determine how easily an attacker could compromise a teleoperated surgery system and what cyberattacks could be successfully launched. For their analysis, they used the robotic surgery platform Raven II which was developed by the University of Washington and was featured in the film Ender’s Game.
The Raven II has “two winglike arms that end in tiny claws” which were designed to hold surgical tools in order to perform surgery via commands sent over the Internet. “A surgeon sitting at a screen can look through Raven’s cameras and guide the instruments to perform a task such as suturing,” explained UW. The Raven II robot runs on a PC running the Robot Operating System (ROS), which is open-source control software. The Raven communicates “with the control console using a standard communications protocol for remote surgery known as the Interoperable Telesurgery Protocol,” a publicly available protocol that the researchers were able to easily hijack. “We effectively took control over the teleoperated procedure,” they wrote (pdf).
In hijacking attacks, a malicious entity causes the robot to completely ignore the intentions of a surgeon, and to instead perform some other, potentially harmful actions. Possible attacks include both temporary and permanent takeovers of the robot, and depending on the actions executed by the robot after being hijacked, these attacks can be either very discreet or very noticeable.
While some people do die on an operating table, death on an operating table due to a denial-of-service attack is hard to imagine. However, in another hijacking attack, the researchers were able to abuse the robot’s safety mechanism that is meant to prevent the robot’s arms from moving too fast or outside of the allowed area. “Every time the Raven’s arms are commanded to move too fast, or go to an unsafe position, the robot’s software imposes a system-wide halt, referred to as a software E-stop.” Yet they found “that it is possible to abuse the robot’s emergency stop (E-stop) to execute efficient (one packet) denial-of-service attacks.”
The research team added:
By sending a leading packet to the robot, where at least one of the changes in position or rotation is too large, and would cause the Raven to either go too fast or to go to a forbidden region, we are able to E-stop the robot. Moreover, by repeatedly sending a malicious leading packet as the one just described, we are able to easily stop the robot from ever being properly reset, thus effectively making a surgical procedure impossible.
In another of the three types of cyberattacks studied, the researchers said an attacker could directly impact a surgeon’s intended actions by modifying his/her messages while packets are in-flight to make the robot’s real-time responsiveness movements jerky and difficult to control. Some of the attacks included changing the surgeon’s packets on-the-fly by “deleting, delaying or re-ordering” commands before sending them to Raven, such as commanding the robot to change position or rotation. The team wrote, “Most of these attacks had a noticeable impact on the Raven immediately upon launch.”
Besides increasing awareness of security issues in cyber-physical systems, the researchers showed attacks against Raven II resulted in breaching “several concerning elements of the system over a wide attack surface, and some extremely efficiently (with a single packet).” They concluded that “some of these attacks could have easily been prevented by using well-established and readily-available security mechanisms, including encryption and authentication.” Yet “encrypting and authenticating video feedback will likely cause an unacceptable decrease in packet throughput rate.”
Lastly, the researchers believe that the concerns they presented “are not unique to teleoperated surgery, but are common to all teleoperated robots. Because of the wide variety of physical and digital capabilities these systems wield, telerobotic security needs to become front-and-center.”
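The researchers' point that authentication would have prevented some of these attacks can be shown with a receiver that checks a message authentication code and a sequence number before the safety limit is evaluated. This is an added example, not code from the paper or from the Raven II: the packet layout, key and motion limit are constructed for illustration and are not the Interoperable Telesurgery Protocol format.

```python
import hashlib
import hmac
import struct

BODY = struct.Struct("!Iddd")   # constructed layout: sequence number, dx, dy, dz
MAX_DELTA = 1.0                 # assumed per-packet motion limit that trips the E-stop


def seal(key, seq, dx, dy, dz):
    """Console side: append an HMAC-SHA256 tag to the command body."""
    body = BODY.pack(seq, dx, dy, dz)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Robot side. With key=None it behaves like an unauthenticated endpoint."""

    def __init__(self, key=None):
        self.key = key
        self.last_seq = 0
        self.estopped = False

    def handle(self, packet):
        if len(packet) < BODY.size:
            return "dropped: malformed"
        body, tag = packet[:BODY.size], packet[BODY.size:]
        if self.key is not None:
            expected = hmac.new(self.key, body, hashlib.sha256).digest()
            if not hmac.compare_digest(tag, expected):
                return "dropped: bad tag"      # never reaches the safety check
        seq, dx, dy, dz = BODY.unpack(body)
        if self.key is not None:
            if seq <= self.last_seq:
                return "dropped: stale sequence"   # replayed or re-ordered packet
            self.last_seq = seq
        if max(abs(dx), abs(dy), abs(dz)) > MAX_DELTA:
            self.estopped = True               # software E-stop: system-wide halt
            return "estop"
        return "moved"


def demo():
    key = b"constructed-session-key"
    untagged = BODY.pack(99, 50.0, 0.0, 0.0)   # oversized step, no valid tag
    genuine = seal(key, 1, 0.1, 0.0, 0.0)
    plain, authed = Receiver(), Receiver(key)
    return (plain.handle(untagged), authed.handle(untagged),
            authed.handle(genuine), authed.handle(genuine), authed.estopped)


if __name__ == "__main__":
    print(demo())
```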
Satellite jamming is a kind of censorship in which a government, hackers or criminals block access to a satellite and prevent the free flow of information. It is also referred to as intentional technical interference. Satellite jamming is a breach of Article 15 of the Radio Regulations of the International Telecommunications Union, as explained by Mike Stevens, ethical hacking course expert at the International Institute of Cyber Security.
A government such as China's, where free speech is not allowed and the government wants to control the media and communication carried over other channels such as satellite, may sometimes resort to satellite jamming. This can help a government or an organization get a tight grip over the media and all modes of communication and control satellite television broadcasts from outside the country.
Satellite jamming incidents have occurred in various countries, including Russia, Cuba, Iran, China and even the US, according to information security training expert James Taylor. An international satellite's transponder receives information from uplink stations, which might be television stations or companies, and the satellite then broadcasts the signal to various downlink stations on the ground.
Orbital jamming involves the criminal or hacker sending contradictory signals directly towards a satellite through his own or a hacked uplink station. When these jamming signals are sent, the frequencies mix with each other, the original feed is disrupted, and nobody can hear the original signal/channel.
Because satellite systems work in groups of channels, when one channel is jammed, all other channels in the group are also disrupted. Orbital jamming carried out by a government causes censorship not only in its own country but in other countries and continents too. For example, if a democracy-oriented radio station suffers an orbital jamming attack in China, all Indian viewers tuned into the same frequency from the same satellite will not be able to access that radio channel. According to the ethical hacking course expert, neighboring channels can also be affected by jamming.
Terrestrial jamming occurs in a specific location and involves equipment. Rather than targeting the satellite itself, as is the case in orbital jamming, terrestrial jamming involves sending contradictory signals directly towards the local consumer-level satellite dish. The contradictory frequencies are area-specific, interfering only with satellite signals in a specific location. Small, portable terrestrial jammers have a range of 5 kilometers in urban areas. Big terrestrial jammers have a range of up to 50 kilometers. Terrestrial jammers also interfere with radio frequencies, thus affecting radio communications between the police, hospitals, etc. Consumers cannot tell whether they are experiencing terrestrial or orbital jamming. The information security training expert explained that the technology required for satellite jamming is fairly standard, easy to purchase, use and conceal, and costs around 4000 to 30000 USD.
Satellite interference, or satellite jamming, is a kind of censorship in which a government, hackers or criminals block access to a satellite and prevent the free flow of information. It is also referred to as intentional technical interference. Satellite jamming is a breach of Article 15 of the Radio Regulations of the International Telecommunications Union, as explained by ethical hacking instructor Mike Stevens of the International Institute of Cyber Security.
A government such as China's, where free speech is not allowed and the government wants to control the media and communication carried over other channels such as satellite, may sometimes resort to satellite jamming. This can help a government or an organization gain control over the media and control satellite television or radio channel broadcasts from outside the country.
Satellite jamming incidents have occurred in various countries, including Russia, Cuba, Iran, China and even the United States, according to information from James Taylor, an expert at an information security training school. An international satellite's transponder receives information via uplink stations, which might be television stations or companies, and the satellite then transmits the signal to various downlink stations on the ground.
Orbital satellite jamming involves the hacker or criminals sending contradictory signals directly towards a satellite through their own or a hacked uplink station. When these strong jamming signals are sent, the frequencies mix with each other, the original signal is disrupted, and nobody can hear the original signal or channel.
Because satellite systems work in groups of channels, when one channel is jammed, all other channels in the group are also disrupted. Orbital jamming carried out by a government causes censorship not only in its own country but in other countries and continents too. For example, if a democracy-oriented radio station suffers an orbital jamming attack in China, all viewers in India tuned into the same frequency from the same satellite will not be able to access that radio channel. According to the ethical hacking course expert, neighboring channels can also be affected by jamming.
Terrestrial interference, or terrestrial jamming, occurs in a specific location and involves a device. Rather than targeting the satellite, as is the case in orbital jamming, terrestrial jamming involves sending contradictory signals directly towards the local consumer-level satellite dish. The contradictory frequencies are area-specific, interfering only with satellite signals in a specific location. Small, portable terrestrial jammers have a range of 5 kilometers in urban areas. Big terrestrial jammers have a range of up to 50 kilometers. Terrestrial jammers also interfere with radio frequencies, which affects radio communications between the police, hospitals, etc. Consumers do not know whether terrestrial or orbital jamming is taking place. The information security training expert explained that the technology required for satellite jamming is fairly standard and easy to acquire, and costs around 4,000 to 30,000 dollars.
Tesla Motors is famous for its high performance, gadget-filled, electric cars – but that doesn’t necessarily mean that it’s a master of all technology.
This weekend, to the amusement of some on social media, Tesla’s website and Twitter account were hijacked by hackers.
Visitors to teslamotors.com found that in place of the normal sexy imagery of electric automobiles, hackers had added their own images and messages.
Meanwhile, the company’s Twitter account (@TeslaMotors) had also suffered at the hands of hackers, who renamed it #RIPPRGANG and told the firm’s half a million followers that they should call a phone number if they wanted a free Tesla.
To add insult to injury, Tesla CEO Elon Musk’s personal Twitter account was also hijacked by the hackers, proving that being an internet billionaire isn’t necessarily a guarantee that you don’t suffer from first world problems.
Twitter user @rootworx, who was referenced in many of the tweets posted by the hackers, denied any connection with the breach, and said that the attackers had given out his home phone number as the one that users should call for the mythical free Tesla.
The logical assumption is that @rootworx has really really upset someone, or at the very least they’re getting much amusement from pranking him when they hack accounts.
Tesla is far from the only high profile organisation to have its website hijacked recently. A similar fate, for instance, recently befell Google in Vietnam and Lenovo as Hot for Security reported a couple of months ago.
So, how are the hackers doing this?
Well, the first thing to realise is that – despite appearances – the websites of Tesla Motors, Google and Lenovo were not actually hacked. At no time did the hackers manage to gain unauthorised access to servers belonging to these companies.
Instead, the hackers were able to give the appearance that a web server breach had occurred by changing the site’s DNS records to point to another server, hosting the images and messages that they wanted visitors to teslamotors.com to see.
Quite how the hackers managed to gain control of Tesla’s DNS records is unclear, but it could have been a failure at the registrar the company chooses to look after its DNS entries.
But there’s more. We know that the hackers also managed to gain control of Tesla’s Twitter account, and that of its billionaire boss Elon Musk. How did they do that?
Well, it appears that as well as changing the DNS records for Tesla’s website, the hackers may have also altered the MX mail server records for teslamotors.com. That would mean that they could send any emails directed to firstname.lastname@example.org to a mail server under their own control.
In short, the hackers could now read any emails sent to Tesla Motors.
With that in place, all that the criminals had to do was request a password reset for the Twitter accounts and wait for the confirmation email to be sent to the appropriate addresses at teslamotors.com.
Of course, if Tesla had login verifications enabled on their Twitter accounts, chances are that the hackers would have found it tricky to tweet under the company’s name.
It’s worth remembering that any form of two factor authentication is better than having no additional security layer at all.
We should also be grateful that whoever compromised the Tesla Twitter accounts and hijacked the firm’s website appears to have been more interested in childish pranks rather than using the opportunity to spread money-making malware, phish for credentials or cause other harm to innocent consumers.
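The record changes described above (the site's address records and the MX records for mail) show up as soon as the zone's current answers are compared with an approved baseline. This is an added example, not part of the original article: it parses `dig +noall +answer`-style lines and reports drift in A, NS and MX records. The domain, hosts and addresses are constructed samples using reserved documentation names and ranges.

```python
from collections import defaultdict

# Record types worth alerting on, with the consequence of an unexpected change.
WATCHED = {
    "A": "web traffic can be sent to a server the owner does not control",
    "NS": "the whole zone is answered by different name servers",
    "MX": "inbound mail, including password-reset messages, is delivered elsewhere",
}

# Constructed samples in the format printed by `dig +noall +answer`.
BASELINE = """\
example.com.  300 IN A   192.0.2.10
example.com.  300 IN MX  10 mail.example.com.
example.com.  300 IN NS  ns1.example.com.
"""
OBSERVED = """\
example.com.  60  IN A   203.0.113.66
example.com.  60  IN MX  5 mx.unknown-host.invalid.
example.com.  300 IN NS  ns1.example.com.
"""


def parse_answers(text):
    """Map (owner name, record type) to the set of normalised record values."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5 or line.lstrip().startswith(";") or fields[2].upper() != "IN":
            continue
        name, _ttl, _cls, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype == "MX":
            rdata = rdata.split()[-1]          # ignore the preference number
        records[(name.rstrip(".").lower(), rtype)].add(rdata.strip().rstrip(".").lower())
    return records


def drift(baseline_text, observed_text):
    """Return (name, type, removed, added, why) for each watched record set that changed."""
    base, seen = parse_answers(baseline_text), parse_answers(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        old, new = base.get(key, set()), seen.get(key, set())
        if key[1] in WATCHED and old != new:
            findings.append((key[0], key[1], sorted(old - new), sorted(new - old),
                             WATCHED[key[1]]))
    return findings


if __name__ == "__main__":
    for finding in drift(BASELINE, OBSERVED):
        print(finding)
```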
The nefarious, encrypted strings were discovered on March 16, 2015, but following an investigation into the incident the administrators determined that the initial date of the breach may go as far back as February 11.
Payment card information may be at risk
Once the unauthorized code was discovered, the admins proceeded to remove it and strengthen the security measures on the website for increased protection of the stored data.
The security improvement efforts were assisted by a specialized company. As part of this process, My Freedom Smokes changed the method for taking online orders, although it had already relied on encrypted communication with the clients and the card processor gateway machine was encrypted during the breach period.
According to a notification from the company, the financial information that may have been grabbed by the attacker includes names, physical addresses, email addresses, telephone numbers, credit card numbers, expiration dates and the card verification value (CVV) code.
Basically, all the data needed for placing an order on the website (or on any other online store) during the aforementioned period may have been exposed.
Customers incurred fraudulent charges
The company says that the payment card numbers it stores are only partial and that CVVs are not saved on its infrastructure.
Some of the My Freedom Smokes customers have reported fraudulent charges on their payment cards during the breach period. However, it is unclear if the illegal activity was due to the compromise of this retailer or a different one.
Unlike in the case of other data breach incidents, My Freedom Smokes does not offer a complimentary subscription to an identity protection service; this step is not mandatory, though.
On the other hand, it provides tips on keeping safe from malicious activity and recommends reviewing the bank account statements for irregular transactions.