PROJET AUTOBLOG


The Hacker News

Original site: The Hacker News


15-year-old Teenage Hacker Arrested Over FBI Computer Hack

Friday 19 February 2016 at 12:18
Another 15-year-old teenager was arrested in Scotland, the land of cakes, by British police for breaking into the FBI systems on 16th February.

Under Britain's anti-hacking law, the Computer Misuse Act 1990, the boy was arrested for his role in hacking and unauthorized access to digital material.

Federal agents had flown to Glasgow to carry out a raid on his home before proceeding with the boy's arrest.
"He has since been released and is the subject of a report to the procurator fiscal," a Police Spokesman told a Scottish journal.
As things stand, reports say that the boy could be extradited to the United States to face intrusion and hacking charges.

Second Member of the Hacking Group Arrested


The suspect is believed to be an active member of the notorious hacking group called "Crackas with Attitude" aka "CWA", Motherboard confirms.

Another member of the same group was arrested in the United Kingdom last week. The 16-year-old British teenager was suspected of hacking into the CIA and the FBI confidential.

The hacktivist group "Crackas with Attitude" is behind a series of hacks on the United States government and its high-level officials, including:

Last Member of Hacking Group Left

Additionally, it is assumed that only one more member (with the pseudonym "Thwarting Exploits") is left in the CWA group to be arrested, as became evident from his tweet confirming that he is the third member of the group.

Nowadays, teenage hackers with an amateurish approach are hunting down the world's greatest crime solvers, such as the FBI and CIA.

The busted cyber criminals are liable to spend the rest of their lives behind bars. The cyber laws are strict enough that a sentence can eat up your whole life, and sometimes run even beyond your lifetime.

How Just Opening an MS Word Doc Can Hijack Every File On Your System

Friday 19 February 2016 at 09:37
If you receive an email masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it.

Doing so could cripple your system and lead to catastrophic destruction.

Hackers are believed to be carrying out social engineering hoaxes, using eye-catching subjects in spam emails and compromised websites to lure victims into installing a deadly ransomware, dubbed "Locky," on their systems.

So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom.

Locky ransomware is spreading at the rate of 4000 new infections per hour, which means approximately 100,000 new infections per day.

Microsoft MACROS are Back


It is hard to digest the fact that, in 2016, even a single MS Word document could compromise your system by enabling 'Macros.'

This is the point at which to appreciate the sheer brilliance of the hackers' tactics.
Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an invoice email attachment (a Word file that embeds vicious macro functions).

The concept of macros dates back to the 1990s. You must be familiar with this message: "Warning: This document contains macros."

Now macros are back, as cyber criminals discover a new way to get internet users to open Microsoft Office documents, especially Word files that allow macros to run automatically.

How Does Locky Work?


Once a user opens a malicious Word document, the doc file gets downloaded to their system. However, the danger comes when the user opens the file and finds the content scrambled, along with a popup that states "enable macros".

Here comes the bad part:
  • Once the victim enables the (malicious) macro, it downloads an executable from a remote server and runs it.
  • This executable is nothing but the Locky ransomware which, when started, begins to encrypt all the files on your computer as well as on the network.
Locky ransomware affects nearly all file formats, encrypts all the files and replaces the filename with a .locky extension.
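Since the infection chain above depends on a Word attachment that carries a macro, a mail gateway or help desk can triage attachments for an embedded VBA project before anyone opens them. The following is an added example, not code from the original article; the sample attachments are constructed in memory, and the OLE check is a byte-level heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container signature
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are stored as UTF-16LE


def has_vba_macros(data: bytes) -> bool:
    """Return True if the Office file in `data` appears to carry a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project storage holds a stream named _VBA_PROJECT.
        return VBA_STREAM in data
    if zipfile.is_zipfile(io.BytesIO(data)):
        # OOXML (.docx/.docm) is a ZIP; macros live in a vbaProject.bin part.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
        return any(n.endswith("vbaproject.bin") for n in names)
    return False


def triage(attachments: dict) -> list:
    """Return the sorted names of attachments that should be quarantined."""
    return sorted(n for n, blob in attachments.items() if has_vba_macros(blob))


def _make_ooxml(with_macro: bool) -> bytes:
    # Build a minimal, constructed OOXML container for the demonstration.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments (file names are hypothetical).
SAMPLES = {
    "invoice_J-123.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "invoice.docm": _make_ooxml(True),
    "report.docx": _make_ooxml(False),
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print("quarantine:", name)
```

A hit only means the file contains a macro project, not that the macro is malicious, so flagged files still need review before release.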

Once encrypted, the ransomware malware displays a message that instructs infected victims to download TOR and visit the attacker's website for further instructions and payments.

Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to $800) in order to get the decryption key.

One interesting note on Locky is that it is being translated into many languages, which extends its attack beyond English boundaries to maximize the digital casualties.

Locky Encrypts Even Your Network-Based Backup Files


The new ransomware also has the capability to encrypt your network-based backup files. So it's time for you to keep your sensitive and important files in third-party storage as a backup plan in order to survive future ransomware infections.

A researcher named Kevin Beaumont, along with Larry Abrams of BleepingComputer, initially discovered the existence of the Locky encrypted virus.

To check the impact of Locky, Kevin successfully intercepted the Locky traffic yesterday and realized that the cryptovirus is spreading out rapidly in the wild.
"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of Million PCs will be infected," Kevin said in a blog post.

One hour of infection Statistics:

The highly impacted countries include Germany, Netherlands, United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia.

Using SimpliSafe Home Security? — You're Screwed! It's Easy to Hack & Can't be Patched

Thursday 18 February 2016 at 11:44
If you are using a SimpliSafe wireless home alarm system to improve your home security smartly, just throw it out and buy a new one. It is useless.

The so-called 'Smart' Technology, which is designed to make your Home Safer, is actually opening your house doors for hackers. The latest in this field is SimpliSafe Alarm.

SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are Hell Easy to Hack, allowing an attacker to easily gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts.

…and the most interesting reality is: You Can Not Patch it!

As the Internet of Things (IoT) is growing at a great pace, it continues to widen the attack surface at the same time.

Just last month, a similar hack was discovered in Ring – a smart doorbell that connects to the user's home WiFi network – that allowed researchers to hack the WiFi password of the home user.

How to Hack SimpliSafe Alarms?


According to Andrew Zonenberg, the senior security consultant at IOActive who discovered this weakness, anyone with basic hardware and software, between $50 and $250, can harvest the alarm's PIN and turn the alarm OFF at a distance of up to 200 yards (30 meters) away.

Since the SimpliSafe alarm uses unencrypted communications over the air, a thief loitering near a home with some radio equipment could sniff the unencrypted PIN messages transferred from a keypad to the alarm control box when the house owner deactivates the alarm.

The attacker then records the PIN code in the microcontroller board's memory (RAM) and later replays this PIN code to disable the compromised alarm and carry out burglaries when the owners are out of their homes.

Moreover, the attacker could also send spoofed sensor readings, like the back door being closed, in an attempt to fool the alarm into thinking no break-in is happening.

Video Demonstration of the Hack


You can watch the video demonstration that shows the hack at work:


"Unfortunately, there's no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening," Zonenberg explains.

Here's Why Your Smart Alarms are Unpatchable


Besides using the unencrypted channel, SimpliSafe also installs a one-time programmable chip in its wireless home alarm, leaving no option for an over-the-air update.

"Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol," Zonenberg adds. But, "this isn't an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable."

This means there is no patch coming to your SimpliSafe alarm, leaving you as well as over 300,000 homeowners without a solution other than to stop using SimpliSafe alarms and buy another wireless alarm system.
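To make concrete what "adding cryptography to the protocol" would change, the added example below (not from the article, and not SimpliSafe's actual protocol) contrasts a keypad that sends the PIN in the clear with one that sends an authenticated, counter-stamped command. The frame layout, the pairing key and the PIN are hypothetical values constructed for the illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # assumed per-device pairing secret (hypothetical)


def legacy_frame(pin: str) -> bytes:
    # Weak design from the article: the PIN crosses the air in the clear,
    # so every disarm produces the same bytes.
    return b"DISARM:" + pin.encode()


def legacy_accept(frame: bytes, pin: str) -> bool:
    # The base station cannot tell a fresh frame from a recorded one.
    return frame == legacy_frame(pin)


def signed_frame(counter: int, command: bytes, key: bytes = KEY) -> bytes:
    # Hardened design: no PIN on the air; counter plus command under HMAC-SHA256.
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class HardenedBase:
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 8 + 32:
            return False  # too short to hold a counter and a tag
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame, e.g. a spoofed sensor reading
        counter = struct.unpack(">Q", body[:8])[0]
        if counter <= self.last_counter:
            return False  # replay of an already-seen frame
        self.last_counter = counter
        return True


def demo():
    captured = legacy_frame("4821")  # constructed PIN
    legacy = [legacy_accept(captured, "4821") for _ in range(2)]
    base, frame = HardenedBase(), signed_frame(1, b"DISARM")
    hardened = [base.accept(frame), base.accept(frame), base.accept(signed_frame(2, b"DISARM"))]
    return legacy, hardened
```

In the legacy case the recorded frame is accepted both times; in the hardened case the second presentation of the same frame is rejected, and only a frame with a fresh counter and a valid tag gets through.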

Zonenberg said he has contacted the Boston-based smart alarm provider several times since September 2015, but the manufacturer has not yet responded to this issue. So, he finally reported the issue to US-CERT.

Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records

Thursday 18 February 2016 at 09:59
Ransomware has turned into a noxious game for hackers to get paid effortlessly.

Once again the heat was felt, this time by the Los Angeles-based Presbyterian Medical Center, when a group of hackers sealed all its sensitive files and demanded $17,000 USD to regain access to the compromised data.

The damage from the compromised files can be summarized as:
  • Compromised emails
  • Locked-out Electronic Medical Record [EMR] system
  • Encrypted patient data
  • Inability to carry out CT scans of admitted patients
  • At-risk patients ferried to nearby hospitals
...and many more unexplained outcomes.

The hospital confirmed that the ransomware had hit its core a week before, potentially making the situation much worse.

Hospital End up Paying $17,000


As the situation had grown out of control, the hospital paid 40 Bitcoins (roughly US $17,000) to the ransomware criminals to resume its medical operations after obtaining the decryption keys.
"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," the hospital CEO Allen Stefanek said in a letter.
All the electronic medical systems were restored soon after the encrypted files were unlocked.

Ransomware has cost many network administrators their sleep, as they are often the ones blamed for failing to fight off this nasty threat, rather than the staff who click illegitimate links in their email.

The FBI Advises Victims to Just Pay the Ransom


Last year, even the FBI advised paying the ransom to the ransomware criminals, as it had not come up with any other alternative.

Several companies have been caught in the ransomware web, including a US police department that paid US $750 to ransomware criminals three years back.

Criminals often demand the ransom in BTC (their intelligent move) for the surety of not getting caught, as Bitcoin transactions are non-trackable due to Bitcoin's decentralized nature.

So until a permanent solution evolves, users are requested not to click malicious or suspicious links sent by an unknown person.

Frequent ransom payments encourage the hackers in the dark to stash the cash and develop a more enticing framework for the next target.

But affecting a medical system is a heinous crime as hospitals are acting as a bridge between life and heaven.

Apple vs. FBI — Google Joins Tim Cook in Encryption Backdoor Battle

Thursday 18 February 2016 at 08:43
In the escalating battle between the Federal Bureau of Investigation (FBI) and Apple over iPhone encryption, former National Security Agency (NSA) contractor Edward Snowden and Google chief executive Sundar Pichai just sided with Apple's refusal to unlock the iPhone.

Yesterday, Apple CEO Tim Cook refused to comply with a federal court order to help the FBI unlock an iPhone owned by one of the terrorists in the mass shootings in San Bernardino, California, in December.

Here's What the FBI is Demanding:


Federal officials have asked Apple to make a less secure version of its iOS that officials can use to brute force the 4-6 digit passcode on the dead shooter's iPhone without triggering the self-destruction of the device's data.

Cook called the court order a "chilling" demand that "would undermine the very freedoms and liberty our government is meant to protect." He argued that helping the FBI unlock the iPhone would basically mean providing an encryption backdoor that would make the products less secure.

Backdoor for Government, Backdoor for All


However, Apple is worried that once this backdoor is created and handed over to the FBI, there is a chance that it will get into the hands of malicious hackers who could use it for evil purposes.

Although many politicians, including Donald Trump, have slammed Apple's decision, Google has stepped up and taken a public stand in support of Apple's decision.

"I agree 100 percent with the courts," Trump said in a statement. "But to think that Apple won't allow us to get into her cell phone, who do they think they are? No, we have to open it up."

Google Sided with Apple


In a series of tweets late Wednesday, Pichai sided with Apple while saying "forcing companies to enable hacking could compromise users' privacy" and "requiring companies to enable hacking of customer devices & data. Could be a troubling precedent."

However, Pichai took more than 12 hours to talk about this burning issue, after Edward Snowden pointed out that Google had not yet stepped forward to speak up on its stand.

"The @FBI is creating a world where citizens rely on #Apple to defend their rights, rather than the other way around," Snowden tweeted on Wednesday. Snowden called on Google to stand with Apple, saying, "This is the most important tech case in a decade."

Pichai's stance is basically: 


Technology companies will give their customers' data to law enforcement when they are required to, but the companies will not put in a "Backdoor" for the government.

While the statements made by Pichai are not quite as forceful as Cook's statement published in an open letter to its customers, we can assume both Google and Apple are together, at least in the sense that the federal agencies are asking too much.