2011/11/03 11:25 P.M. 2011/09/26 7:44 A.M. 
The logs maintained by HideMyAss.com, in addition to other evidence, have led to the arrest of another LulzSec member in Arizona, The Tech Herald has learned. Cody Kretsinger, 23, allegedly used the anonymity service during his role in the attack on Sony Pictures.
In late May, during the height of their escapades, LulzSec said it was the beginning of the end for Sony. A week later, they released 140,000 records. The breach was possible thanks to a single SQL Injection flaw within a promotional page for the movie Ghostbusters. The SQLi flaw led them to more than one million clear-text passwords, 3.5 million "music coupon" codes, and 75,000 "music codes". At the time, a database dump with 12,500 records, containing names, home addresses, phone numbers, email addresses, usernames and passwords, was viewed as the most damaging part of the release. In a statement, Sony Pictures confirmed the breach, and said they were working with the FBI during the investigation.
According to a recently unsealed indictment filed in Los Angeles, and a press release from the FBI, one of the participants in the LulzSec attack was arrested without incident at his home in Phoenix, Arizona on Thursday. The indictment states Cody Kretsinger used a VPN from HideMyAss.com to scout Sony Pictures' website for SQL Injection vulnerabilities. Based on statements made by the group at the time, Kretsinger's efforts were successful. In an attempt to cover his tracks, he formatted his hard drive.
Sources at the U.S. Department of Justice told The Tech Herald this afternoon that, depending on the methods used to erase the drive, it was entirely possible that data would be recovered. Computer forensics has come a long way in the last decade. Aside from outright destroying a disk, it's hard to wipe a hard drive in a short amount of time: a quick format rewrites only file-system metadata and leaves file contents on the platters, while a full overwrite of every sector takes hours. In addition, the source suggested that server logs presented by Sony and the anonymity service helped with the investigation.
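The DoJ source's remark about server logs from both Sony and the VPN provider can be made concrete. What follows is an added example, not part of The Tech Herald article and not anything the FBI or HideMyAss.com has published: it joins a target's web-server access log against a VPN provider's session records (the connecting customer IP, the exit IP it was assigned, and the session window) to attribute each hit. Every log line is constructed, the provider's record layout is an assumption modelled on what the article says is retained (connecting IP plus time stamps), and the addresses are RFC 5737 documentation ranges. It also handles the two cases that defeat a naive join in practice, a shared exit IP with overlapping sessions (ambiguous) and a hit with no covering session, and it takes a clock-skew tolerance because the two logs are written by clocks that will not agree.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed target-side access log (Common Log Format). 198.51.100.23 and
# 203.0.113.9 are RFC 5737 documentation addresses standing in for VPN exit IPs.
ACCESS_LOG = """\
198.51.100.23 - - [27/May/2011:03:05:12 +0000] "GET /promo/index.php?id=7 HTTP/1.1" 200 8821
198.51.100.23 - - [27/May/2011:03:14:07 +0000] "GET /promo/index.php?id=7 HTTP/1.1" 500 221
203.0.113.9 - - [27/May/2011:03:15:40 +0000] "GET /index.html HTTP/1.1" 200 4120
"""

# Constructed provider-side session records; the column set is an assumption
# modelled on what the article says is kept: connecting IP and time stamps.
VPN_SESSIONS = """\
customer_ip,exit_ip,start,end
192.0.2.77,198.51.100.23,2011-05-27T02:58:00Z,2011-05-27T03:40:12Z
192.0.2.15,198.51.100.23,2011-05-27T03:14:00Z,2011-05-27T03:20:00Z
192.0.2.40,198.51.100.88,2011-05-27T03:00:00Z,2011-05-27T03:30:00Z
"""

CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')


def parse_access_log(text: str) -> list:
    """Parse CLF lines into dicts; timestamps are normalised to UTC."""
    hits = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue                       # skip anything that is not a CLF record
        ip, ts, request, status, _size = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        hits.append({"ip": ip, "when": when, "request": request, "status": int(status)})
    return hits


def _iso_utc(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_vpn_sessions(text: str) -> list:
    """Parse the provider's CSV (header row first) into session dicts."""
    sessions = []
    for line in text.strip().splitlines()[1:]:
        customer_ip, exit_ip, start, end = line.split(",")
        sessions.append({"customer_ip": customer_ip, "exit_ip": exit_ip,
                         "start": _iso_utc(start), "end": _iso_utc(end)})
    return sessions


def attribute(hits: list, sessions: list, skew: timedelta = timedelta(seconds=60)) -> list:
    """For each hit, list the customer IPs whose session used that exit IP at that time.

    `skew` widens each session window to absorb clock disagreement between the
    two log sources. Zero candidates means the provider cannot attribute the hit;
    more than one means the exit IP was shared and the join alone is not proof.
    """
    results = []
    for hit in hits:
        candidates = sorted({
            s["customer_ip"] for s in sessions
            if s["exit_ip"] == hit["ip"]
            and s["start"] - skew <= hit["when"] <= s["end"] + skew
        })
        results.append((hit, candidates))
    return results


def run_demo(skew_seconds: int = 60) -> list:
    """Join the constructed logs above; returns [(hit, candidate_customer_ips), ...]."""
    return attribute(parse_access_log(ACCESS_LOG), parse_vpn_sessions(VPN_SESSIONS),
                     skew=timedelta(seconds=skew_seconds))


if __name__ == "__main__":
    for hit, cands in run_demo():
        verdict = ("no covering session" if not cands else
                   f"attributed to {cands[0]}" if len(cands) == 1 else
                   f"ambiguous, shared exit IP: {', '.join(cands)}")
        print(f"{hit['when']:%Y-%m-%d %H:%M:%S} {hit['ip']:15s} {hit['status']} {verdict}")
```

On the constructed data the first hit resolves to a single customer, the second falls inside two overlapping sessions on the same exit IP and stays ambiguous, and the third comes from an address the provider never issued. Widening the skew tolerance (try `run_demo(600)`) turns the first hit ambiguous too, which is why the tolerance should be no larger than the measured clock offset between the two sources. The provider's retention period bounds all of this: once its session records age out, the join has nothing to match against.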
Logs, seized equipment, and testimony from those arrested seem to be the undoing of those connected to Anonymous and LulzSec. However, the source refused to comment on the scope and general flow of the FBI's investigation into Anonymous and LulzSec, so it is unknown how investigators are connecting the dots.
According to HideMyAss.com, "...services such as ours do not exist to hide people from illegal activity. We will cooperate with law enforcement agencies if it has become evident that your account has been used for illegal activities." The service stores logs for 30 days for its web proxy service, and it stores the connecting IP address, as well as time stamps, for those using the VPN offerings. Emails seeking comment on HideMyAss.com's level of cooperation with the FBI, as well as to confirm what information was made available, were not returned.
Kretsinger made an initial appearance before a federal magistrate in U.S. District Court in Phoenix on Thursday. If convicted, he faces a maximum sentence of 15 years in prison.
In related news, a homeless man was arrested in San Francisco on Thursday as well, for his connection to Anonymous and an attack against the Santa Cruz County government. Moreover, the FBI conducted raids in Minnesota, Montana, and New Jersey, as part of their investigation into the actions of Anonymous and LulzSec.
# From http://www.thetechherald.com/article.php/201138/7643/Proxy-logs-helped-FBI-track-and-arrest-LulzSec-member |
2011/09/20 4:45 A.M. Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses.
"We can't rule out small possibilities of further information leakage but so far crucial data about our products or technologies have been kept safe," a Mitsubishi Heavy spokesman told Reuters.
"We've found out that some system information such as IP addresses have been leaked and that's creepy enough," the spokesman added.
According to The Yomiuri newspaper, approximately 80 systems had been infected with malware at the company's headquarters in Tokyo, as well as manufacturing and research and development sites, including Kobe Shipyard & Machinery Works, Nagasaki Shipyard & Machinery Works and Nagoya Guidance & Propulsion System Works. The company reportedly first noticed the cyber attack on August 11th.
"It's probably just the first time that hacking attacks in Japan have been detected. It's consistent with what we've seen already with big American defense companies," Andrew Davies, a cyber-warfare analyst with the government-backed defense think-tank, the Australian Strategic Policy Institute, told Reuters.
The company manufactures many weapons systems and aircraft, including Patriot missiles, under license from Raytheon, F-15J fighter jets, under license from Boeing, and several other guided weapons systems. The company is expected to release additional information and an updated statement shortly.
# http://www.securityweek.com/japans-largest-defense-contractor-hit-cyber-attack Reference: http://blog.trendmicro.com/japan-us-defense-industries-among-targeted-entities-in-latest-attack/ |
2011/08/09 6:41 A.M. According to South Korean officials, the Kim Jong-il regime has found a new way to make money: developing auto-play ("bot") programs for South Korean online games. Last week South Korea arrested four South Koreans and one ethnic-Korean Chinese national, charged with inviting more than 30 North Korean programmers and specialists to build "auto-play programs" and supplying them to game workshops in China and South Korea.
The suspects first negotiated with staff of the Korea Rungrado Trading Corporation (朝鲜绫罗岛贸易总公司), which operates in China, and of the Korea Computer Center (KCC, 朝鲜计算机中心), a company directly under the North Korean cabinet. They then sent invitation letters to the North Korean side in the name of their own company, obtained the consent of the North Korean consulate in China, and brought the North Korean hackers to China, providing them with housing and living expenses. The North Korean hackers stayed in China for about five months and, working in teams of five as requested, produced auto-play programs for games including Lineage (天堂), Dungeon & Fighter (地下城与勇士) and MapleStory (楓之谷). Most of the hackers involved were graduates of elite North Korean universities such as Kim Il-sung University and Kim Chaek University of Technology, and each remitted $500 of his monthly income to the North Korean authorities.
Source: http://games.solidot.org/article.pl?sid=11/08/08/0211218 |
2011/08/05 3:55 A.M. 2011/08/05 3:44 A.M. 2011/08/01 9:21 A.M. Are U.S. and China Engaged in a Cyber Cold War? Last month, Chinese Vice Foreign Minister Cui Tiankai issued statements to the press in an effort to dispel the notion that China and the United States are engaged in cyber warfare activities aimed at undermining the other's security posture.
"I want to clear something up: there are no contradictions between China and the United States. Though hackers attack the US Internet and China's Internet, I believe they do not represent any country," said Cui.
But Cui's assertions run counter to an analysis published in China's leading military newspaper and re-posted on the website of China's Ministry of Defense. "The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. Their actions remind us that to protect the nation's Internet security, we must accelerate Internet defence development and accelerate steps to make a strong Internet army. Although our country has developed into an Internet great power, our Internet security defences are still very weak. So we must accelerate development of Internet battle technology and armament," the report stated.
Cui's statements also are in direct opposition to accusations levied by former national security advisor Richard Clarke in a recent Wall Street Journal opinion piece. "Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know-how and government plans. In a global competition among knowledge-based economies, Chinese cyberoperations are eroding America's advantage," wrote Clarke.
And western security experts have been openly speculating that China may be behind the recent unauthorized network access events at several U.S. defense contractors, and that they may also be responsible for the RSA SecurID breach as well. Some believe we are witnessing the dawn of a new 'cold war', but this time the race is on to obtain dominance in the virtual world of cyberspace.
According to a report by ABC affiliate KITV, the U.S. and China are already heavily engaged in a cyber cold war:
"It's like the Cold War. We have the ability to bring you down, you have the ability to bring us down, so no one is doing anything," said Larry Ponemon, chairman of the Ponemon Institute.
"It's no secret that government agencies are under attack from China. It's a significant problem, and the government has been aware of it for the past 10 to 15 years," said Prescott Winter, former CTO for the National Security Agency and currently the public sector chief technology officer of ArcSight.
"A review of the scale, focus, and complexity of the overall campaign directed against the United States ... strongly suggest that these operations are state-sponsored or supported," a Northrop Grumman white paper suggested. "China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and industry by conducting a long term, sophisticated, computer network exploitation campaign."
Recent reports link Chinese hackers to a multitude of operations directed at government and private enterprise targets, including: Energy Companies Hit by "Night Dragon" Attacks; Spear-phishing Against U.S. Diplomats; Chinese Cyber Spies Target U.K. Government Systems; Canadian Treasury and Finance Systems Hacked; DDoS Attacks on South Korea; Microsoft MHTML Bug Exploits; Chinese Hackers Lift Microsoft Windows Source Code; USCC Report Details Chinese Cyber Espionage.
The largest and perhaps most damaging operation in recent years was the Aurora attacks, which targeted an unknown number of large firms, including Adobe, Northrop Grumman, Dow Chemical, Morgan Stanley, and most famously Google. "Corporations can't protect themselves against that. It's the equivalent of breaking in and installing bugs. Companies are now realizing the true cost of outsourcing. That's why Google left: Google said you can't do trusted business and run a company there," said former NSA computer scientist Dave Aitel, president of the security firm Immunity Inc.
Western corporations need to be wary of the risks posed by doing business with China, especially where the sharing of sensitive technology and proprietary information is concerned. "I don't want to tell businesses not to go to China because it's unsafe. At the same time, risk management is necessary. It's important to operate with your eyes wide open there. China isn't Iowa," said Ernst & Young's Jose Granado.
Source: https://www.infosecisland.com/blogview/15543-The-US-and-China-are-Engaged-in-a-Cyber-Cold-War.html |
2011/07/28 8:30 P.M. (AP) -- The personal information of about 35 million Internet users in South Korea was stolen in an alleged hacking attack that originated in China, officials said Thursday.
Hackers purportedly attacked popular Internet and social media sites Nate and Cyworld earlier this week, stealing data such as social security numbers and email addresses, the Korea Communications Commission said in a statement.
The regulator said that the operator of the sites, SK Communications, alleged the attack originated from computers in China based on their Internet Protocol addresses. IP addresses are the Web equivalent of a street address or phone number.
The stolen data included user IDs, passwords, social security numbers, names, mobile phone numbers and email addresses. Nate said the social security numbers and passwords are encrypted so that they are not available for illegal use.
South Korean police said Thursday they have started an investigation that could take several months.
South Korea has faced Internet attacks before, with blame frequently pinned on hackers operating from IP addresses in China. China has denied all charges of hacking in the past.
In May, South Korean prosecutors said that hackers in North Korea had broken into the computer network of a South Korean bank earlier this year. The prosecutors said software used in the hacking was similar to that used in a 2009 attack that paralyzed South Korean and U.S. websites.
North Korea has flatly denied any responsibility for the attacks.
# FROM http://www.physorg.com/news/2011-07-skorea-alleged-hacking-internet-users.html |
2011/06/08 2:09 P.M. News source: NetEase Tech (网易科技)
According to Yonhap, four major South Korean portal sites were hacked, and the personal information of 170,000 users has been confirmed stolen. South Korea mandates real-name registration for website membership, so users registered on South Korean sites necessarily have their identity information tied to their accounts. The stolen data came from four major domestic portals and included registrants' account IDs, real names and resident registration numbers.
On the 27th, the Gyeonggi Provincial Police Agency arrested three people, including a man surnamed Kim (29). In June last year the three set up an internet marketing company in Seongnam, Gyeonggi-do, bought the stolen data from Chinese hackers for 2.5 million won (about 15,000 yuan), and used it to advertise two online adult-goods shops and 27 file-sharing sites. The adult-goods shops paid 60% of resulting sales as promotion fees; the file-sharing sites paid 1,000 won for each newly registered member.
Users have been advised to change their passwords to limit the damage from the leak. South Korean police are investigating how the intrusion happened and are widening the scope of the investigation.
# Only that little data from four portals? Who believes that! |
2011/06/03 10:01 A.M. Days after Lockheed Martin disclosed a cyber-attack on its networks, reports emerged that two more major defense contractors have also been affected.
Another defense contractor appears to have been hit by a cyber-attack, and a leaked memo indicates company executives believe attackers used information stolen from RSA Security earlier this year. If true, RSA's SecurID technology may be irrevocably compromised.
Attackers hit major defense contractor L-3 Communications Holdings by spoofing pass codes from a cloned RSA SecurID token, Reuters reported May 27. The attackers may have used a similar method to target another defense contractor, Lockheed Martin, on May 21. The second-largest U.S. defense contractor, Northrop Grumman, may also have been hacked, as the company shut down remote access to its network without warning on May 26, according to Fox News.
L-3 Communications was formed out of 10 business units that had been spun off by Lockheed prior to its merger with Martin Marietta in 1995. L-3 is a major supplier of communication, intelligence, surveillance and reconnaissance technology to the Department of Defense.
"L-3 Communications has been actively targeted with penetration attacks leveraging the compromised information," an L-3 executive wrote April 6 in an internal memo obtained by Wired's Threat Level. It's not clear from the internal email whether attackers managed to actually break into L-3 networks, or if they were detected in the midst of the attack. The memo also did not specify exactly why or how L-3 came to the conclusion that the SecurID two-factor authentication system was at fault. An L-3 spokesperson said only that the company takes security seriously and that the incident has been resolved.
RSA Security admitted March 17 that cyber-attackers had breached its network and obtained "information relating to the SecurID technology." The company has steadfastly refused to publicly discuss exactly what was stolen or when the breach actually occurred. RSA later disclosed that it had been hit by a phishing email whose attachment exploited a zero-day vulnerability in Adobe Flash.
At the time, RSA executive chairman Art Coviello said the stolen information "could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack." For someone to break into a SecurID-protected network, the attacker would need at least one employee's user name and pass code, as well as some idea of which services that employee had access to.
While the details of these attacks are not "fully known," it is likely that attackers were able to install a keylogger somewhere within the network, according to Harry Sverdlove, CTO of security firm Bit9. The information captured and knowledge of RSA's token-generation algorithm would give attackers a way to breach the network, Sverdlove said, noting that this would be a "worst case scenario" for SecurID. "It would mean that a single point of attack can be used to defeat the dual-factor authentication provided by the security tokens," Sverdlove said. The keylogger may have been installed on a remote system that connected to the network via a VPN. This makes sense, since the "best bet" is to attack vulnerable endpoints, or computers that are connecting remotely and are likely not under the direct control of the organization's security policies.
Northrop Grumman does not comment on cyber-attacks against it, the company spokesperson said. It's also unclear how Northrop Grumman was hit, as ComputerWorld reported that the defense contractor replaced all its SecurID tokens with tokens from a different vendor "immediately" after the RSA breach. The network shutdown at Northrop Grumman caught "even senior managers by surprise" and caused chaos, according to the Fox News story. "We went through a domain name and password reset across the entire organization," an unnamed source told FoxNews.com.
Lockheed Martin shut down remote access to its internal network after a "significant and tenacious attack on its information network" May 21. Technology blogger Robert X. Cringely had reported at the time that the breach involved RSA SecurID tokens that employees and contractors used to log in to the VPN to gain remote access to the corporate network.
# Source: http://www.eweek.com/c/a/Security/Northrop-Grumman-L3-Communications-Hacked-via-Cloned-RSA-SecurID-Tokens-841662/ |
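Sverdlove's "worst case" above, a cloned token plus a keylogged PIN, is easy to demonstrate end to end. The following is an added example, not from the eWeek article and not RSA's proprietary SecurID algorithm (which is not public); it uses RFC 6238 TOTP as a stand-in because the property that matters is the same: the tokencode is a deterministic function of a secret seed and the current time, so whoever holds a copy of the seed holds the token. The seed is the RFC 6238 test-vector seed, the user name, PIN and timestamps are constructed, and the `AuthServer` class is an assumed minimal stand-in for an authentication server that checks PIN + tokencode and refuses to accept the same tokencode twice.

```python
import hashlib
import hmac
import struct


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: stand-in for a hardware token's code generator.

    Anyone holding `seed` (the token, or a copy of the seed record) can
    compute the same code for the same time step.
    """
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    """Minimal PIN + tokencode verifier (assumed design, not RSA's server)."""

    def __init__(self, step: int = 30, window: int = 1):
        self.users = {}       # username -> {"seed": bytes, "pin": str}
        self.used = set()     # (username, tokencode) pairs already accepted
        self.step = step
        self.window = window  # accept +/- this many steps of clock drift

    def enroll(self, username: str, seed: bytes, pin: str) -> None:
        """Issue (or re-issue) a token: a new seed invalidates every old code."""
        self.users[username] = {"seed": seed, "pin": pin}
        self.used = {u for u in self.used if u[0] != username}

    def verify(self, username: str, passcode: str, now: int) -> bool:
        user = self.users.get(username)
        if user is None:
            return False
        pin_len = len(user["pin"])
        pin, tokencode = passcode[:pin_len], passcode[pin_len:]
        if not hmac.compare_digest(pin, user["pin"]):
            return False                      # wrong "something you know"
        if (username, tokencode) in self.used:
            return False                      # replay of a captured passcode
        for drift in range(-self.window, self.window + 1):
            expected = totp(user["seed"], now + drift * self.step, self.step)
            if hmac.compare_digest(tokencode, expected):
                self.used.add((username, tokencode))
                return True
        return False


def scenario() -> dict:
    """Five login attempts against one enrolled user; returns each outcome."""
    seed = b"12345678901234567890"   # RFC 6238 test-vector seed (constructed enrolment)
    pin = "4821"                      # constructed
    server = AuthServer()
    server.enroll("alice", seed, pin)
    t = 1111111109                    # fixed time so the run is reproducible

    # 1. Legitimate user: token in hand (seed) + memorised PIN.
    legit = server.verify("alice", pin + totp(seed, t), t)
    # 2. Attacker replays the exact passcode a keylogger captured in (1).
    replay = server.verify("alice", pin + totp(seed, t), t + 5)
    # 3. Attacker has the cloned seed but has to guess the PIN.
    seed_only = server.verify("alice", "0000" + totp(seed, t + 120), t + 120)
    # 4. Attacker has the cloned seed AND the keylogged PIN: a fresh code any time later.
    cloned = server.verify("alice", pin + totp(seed, t + 300), t + 300)
    # 5. Remediation: re-issue the token with a new seed; the stolen seed is now useless.
    server.enroll("alice", b"replacement-seed-0001", pin)
    after_reissue = server.verify("alice", pin + totp(seed, t + 600), t + 600)

    return {"legit": legit, "replay": replay, "seed_only": seed_only,
            "cloned": cloned, "after_reissue": after_reissue}


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:14s} {'ACCEPTED' if ok else 'rejected'}")
```

Attempt 2 fails because the server will not accept a tokencode it has already honoured, which is why a keylogger alone was never enough against a one-time-password token. Attempt 3 fails on the PIN. Attempt 4 is the point of the article: with the seed from the RSA breach and the PIN from the keylogger the attacker generates a valid, never-before-seen passcode at a time of their choosing, so the "something you have" factor has collapsed into a second "something you know", and the single keylogged endpoint defeats both. Attempt 5 shows why the page reports Northrop Grumman replacing every token: only a seed the attacker does not hold restores the second factor.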