
Computer network security




One spring day in 2010, a hacker named Kevin Finisterre knew he had hit the jackpot. A network he had been casing finally broadcast the live video and audio feed of a police cruiser belonging to a US-based municipal government. His jaw dropped as a computer in his home office in Columbus, Ohio showed the vehicle—with flashing blue lights on and siren blaring—charging down a road of the unnamed city.

A burly 31-year-old with glasses and pork-chop sideburns, Finisterre has spent more than a decade applying his combination of street smarts and technical skills to pierce digital fortresses. For instance, he once accessed the work account of an engineer for a large utility company. Finisterre used a pilfered profile from Hotjewishgirls.com to trick the engineer into thinking he was interacting with a flirtatious 26-year-old woman, until the engineer finally coughed up enough personal information to make an attack on his corporate account successful.

It's not a bad way to earn a living.


alphadogg writes "The cyber-criminal gang that operated the recently disabled Kelihos botnet has already begun building a new botnet with the help of a Facebook worm, according to security researchers from Seculert. Security experts from Kaspersky Lab, CrowdStrike, Dell SecureWorks and the Honeynet Project, announced that they took control of the 110,000 PC-strong Kelihos botnet on Wednesday using a method called sinkholing. That worm has compromised over 70,000 Facebook accounts so far and is currently distributing a new version of the Kelihos Trojan."



Read more of this story at Slashdot.




The recent resurgence of the Hlux/Kelihos botnet, taken down last week by a team of security companies, demonstrates how hard it is to detect and permanently shut down the latest generation of botnets. And the arms race to counter botnets is only going to escalate further now that the sort of peer-to-peer technology used in Kelihos has become commoditized in Zeus, a botnet "platform" at the center of a thriving criminal software ecosystem.

Last week, Microsoft and its partners were able to take down a collection of Zeus botnets infecting more than 13 million PCs by seizing associated servers and domain names then disrupting their command and control (C&C) network. But those botnets were built using an older set of Zeus binaries. A newer version of the software incorporates peer-to-peer networking technology in a way that eliminates the need for a C&C server, rendering botnets immune to that sort of decapitating strike.

"The takedowns we saw (by Microsoft) will become less and less possible as people move their botnets from client-server architectures to peer-to-peer," said Wade Williamson, senior product manager at Palo Alto Networks.




Security researchers have disabled the latest botnet created with Kelihos malware, stopping a 116,000-bot-strong operation devoted to Bitcoin hacking and other crimes. Announced today, the operation took place last week and was run by Kaspersky Lab, CrowdStrike, Dell SecureWorks, and the Honeynet Project.

While the first Kelihos botnet (also known as "Hlux") was taken down last September, an entirely new botnet using the same code was identified earlier this year.

In addition to spamming and distributed denial-of-service attacks, this latest botnet was capable of both stealing Bitcoin wallets from infected computers and Bitcoin mining, which uses the resources of victimized computers to make new Bitcoins.




Is turnabout fair play? A handful of Anons have found themselves on the wrong end of a hack in the wake of the US government takedown of Megaupload. On January 20, just one day after Megaupload founder Kim Dotcom was arrested in New Zealand, an unknown attacker slipped code from the infamous Zeus Trojan into the slowloris tool used by members of Anonymous to carry out DDoS attacks on websites that have drawn their ire. As a result, many of those who participated in DDoS attacks targeted at the US Department of Justice, music label UMG, and whitehouse.gov also had their own PCs compromised.

Security firm Symantec details how some Anons ended up with Zeus on their systems. After modifying the Slowloris source to include code for the Zeus trojan on January 20, the attacker changed a couple of Pastebin guides used to bring would-be DDoSers up to speed to show a new URL for downloading the Slowloris tool.

Each time Slowloris was downloaded and launched after the 20th of January, a Zeus botnet client was installed too. The Zeus client then stealthily downloaded a "clean" version of Slowloris to replace the modified copy in an attempt to conceal its existence on the infected PC. In the meantime, the Zeus trojan did its usual dirty work: capturing passwords and cookies, as well as banking and webmail credentials, and sending them off to a command-and-control server.

Symantec's research shows the modified version of Slowloris was widely downloaded. "This Anonymous DoS tool on PasteBin has become quite popular among the Anonymous movement with more than 26,000 views and 400 tweets referring to the post," noted Symantec's official blog. 

The compromised version of Slowloris is no longer linked to on Pastebin: it appears that coverage of the shenanigans pulled on Anonymous has led to the Pastebin guide being restored with what looks to be a link to the correct version of Slowloris.

Having Zeus installed on one's PC is absolutely no fun at all, so those who have downloaded the compromised version of Slowloris are going to have their hands full trying to hunt down and eradicate the trojan. Indeed, we see a number of clean OS installs in the immediate future for those who participated in DDoS attacks after the Megaupload takedown.




As Bruce Schneier spent the past decade watching the growing rash of phishers, malware attacks, and identity theft, a new Internet threat has emerged that poses even greater risks, the security expert said.

Unlike the security risks posed by criminals, the threats from government regulation and data hoarders such as Apple and Google are more insidious because they threaten to alter the fabric of the Internet itself. They're also different from traditional Internet threats because the perpetrators are shielded in a cloak of legitimacy. As a result, many people don't recognize that their personal information or fortunes are more susceptible to these new forces than they ever were to the Russian Business Network or other Internet gangsters.


An anonymous reader writes "Details of the tools, techniques and procedures used by the hackers behind the RSA security breach have been revealed in a research paper (PDF) published by Australian IT security company Command Five. The paper also, for the first time, explains links between the RSA hack and other major targeted attacks. This paper is a vendor-neutral must-read for any network defenders concerned by the hype surrounding 'Advanced Persistent Threats.'"



Read more of this story at Slashdot.


New submitter The Mister Purple writes "A team of German researchers appears to have cracked the GMR-1 and GMR-2 encryption algorithms used by many (though not all) satellite phones. Anyone fancy putting a cluster together for a listening party? 'Mr. Driessen told The Telegraph that the equipment and software needed to intercept and decrypt satellite phone calls from hundreds of thousands of users would cost as little as $2,000. His demonstration system takes up to half an hour to decipher a call, but a more powerful computer would allow eavesdropping in real time, he said.'"



Read more of this story at Slashdot.
