South Korea is looking to develop a Stuxnet-like virus in order to do just what that earlier cyberweapon did in 2010: attack an enemy’s nuclear facilities. Stuxnet is widely believed to have been created by the US and Israel to attack Iran’s nuclear facilities.
South Korea’s long-term plan includes developing malware to cripple North Korea’s missile and nuclear facilities, along with strengthening its psychological warfare capability to paralyse the source of a cyberattack.
Despite those responsibilities, more than a dozen members of the cyber command’s psychological warfare unit have been under investigation by military prosecutors for allegedly posting politically charged messages online against the opposition camp and its candidate ahead of the 2012 election.
At any rate, even if South Korea manages both to build a cyberweapon on par with Stuxnet and to impose a cone of silence and/or confusion around its own potential whistleblowers, the country might well have to deal with its Stuxnet-like weapon’s Stuxnet-like side effects.
When the engineer disconnected his computer and took it home, Stuxnet was let out of its cage, didn’t notice that it wasn’t in an Iranian nuclear facility anymore, and blithely continued to infect SCADA systems, eventually infecting an undetermined number of computers – estimated to be in the range of tens of thousands around the globe.
Stuxnet was primarily designed to sabotage industrial machinery. Duqu appeared to be designed for espionage, mainly gathering information connected to industrial systems – potentially information that could fuel future attacks similar to Stuxnet.
In other words, if South Korea recreates Stuxnet, there’s reason to fear that it could unleash a whole fresh Pandora’s box of related malware.
UK retailer Tesco has been forced to suspend 2,239 customer accounts after a list of email addresses, passwords and Clubcard voucher balances was posted online.
The list of user information, dumped on a popular text sharing site on Tuesday evening, was at first thought to be fake until some Twitter users started testing the username and password combinations, discovering that they did indeed work.
A small number of users also contacted the BBC, via email addresses published as part of the dump, to confirm that their accounts had been suspended.
The security breach does not appear to have come from Tesco’s end, though. The supermarket giant said the information must have been compiled from user details obtained in breaches at other websites – presumably from users who had reused email addresses and passwords across multiple accounts.
Though it is not known exactly where the customer details came from at this time, you don’t have to look very far to see examples of where the crooks could have got hold of at least some of the data.
In October Adobe admitted that cyber criminals had stolen account details for 38 million of its customers.
Some Tesco.com users told the BBC that Clubcard vouchers they had earned had been stolen, though the amounts reported were quite small. Tesco announced that it would offer replacement vouchers to all of those affected.
So let this serve as a timely reminder to use a different, strong password for every account you have online. Otherwise, once one is compromised, all of your accounts become vulnerable.
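The Tesco incident is a textbook credential-stuffing case: a list of email/password pairs harvested elsewhere is replayed against a site, and the accounts whose owners reused passwords are the ones that fall. The site cannot see the reuse, but it can see the replay. The following detector is an added example, not code from the original article or from Tesco; it assumes a constructed log format of "timestamp ip username OK|FAIL" and reports source addresses that cycled through many distinct usernames in a short window with a mostly-failing outcome, along with the usernames that did succeed (the accounts a defender would suspend, as Tesco did).

```python
"""Credential-stuffing detector run over constructed auth-log lines (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (not from any real system): "timestamp ip user result".
SAMPLE_LOG = """\
2014-02-13T20:01:02 203.0.113.7 alice@example.com FAIL
2014-02-13T20:01:03 203.0.113.7 bob@example.com FAIL
2014-02-13T20:01:03 203.0.113.7 carol@example.com OK
2014-02-13T20:01:04 203.0.113.7 dave@example.com FAIL
2014-02-13T20:01:05 203.0.113.7 erin@example.com FAIL
2014-02-13T20:01:06 203.0.113.7 frank@example.com OK
2014-02-13T20:05:00 198.51.100.9 alice@example.com FAIL
2014-02-13T20:05:20 198.51.100.9 alice@example.com FAIL
2014-02-13T20:05:40 198.51.100.9 alice@example.com OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, user, success) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash on them
        ts, ip, user, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=5), min_users=5, max_success_rate=0.5):
    """Return IPs that tried many distinct usernames inside `window` with a mostly-failing outcome.

    A single user retrying a forgotten password (many attempts, one username) is not flagged;
    a replayed breach list (many usernames, a few hits) is. The successful usernames are
    returned so the accounts can be locked and their owners told to change passwords.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        for i in range(len(attempts)):  # sliding window starting at each attempt
            start = attempts[i][0]
            chunk = [a for a in attempts[i:] if a[0] - start <= window]
            users = {u for _, u, _ in chunk}
            successes = sum(1 for _, _, ok in chunk if ok)
            if len(users) >= min_users and successes / len(chunk) <= max_success_rate:
                flagged[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(chunk),
                    "compromised": sorted({u for _, u, ok in chunk if ok}),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The thresholds are deliberately loose so the constructed sample trips them; in production they would be tuned against a baseline, and the low success rate is the key discriminator: a stuffing run succeeds on a few percent of accounts, which is exactly the 2,239-out-of-a-list profile described above.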
Hacker group NullCrew claims to have broken into Comcast’s servers today, exploiting a vulnerability reported in December 2013 but not patched. Over the weekend of 01 February 2014 the group also claimed credit for a SQL injection attack against telecom provider Bell Canada.
They were able to access account login and password information for more than 22,000 small business customers of Bell’s internet service. The attackers allegedly contacted Bell customer support two weeks before the disclosure.
The customer service representative clearly didn’t understand the gravity of the situation, nor did they escalate to someone who did.
From what we can tell, the same thing happened when NullCrew hacked Comcast. It appears that Comcast, the largest internet service provider in the United States, uses Zimbra as an internal communications platform.
NullCrew exploited an unpatched security vulnerability to gain access to usernames, passwords and other sensitive details from Comcast’s site. They posted the purloined data on Pastebin and taunted the company on Twitter.
Sometimes it seems there is nothing we can do to protect ourselves, but in this case I think there is a valuable lesson. The vulnerability exploited by the attackers was disclosed and fixed in December 2013. While that isn’t forever ago, it is enough time that it could have been remedied.
None of us can assume that it will take criminals long, let alone 60 days, to work out that they can take advantage of flaws in our systems. We may have had the luxury of waiting 30 or even 120 days in the past, but today we must maintain an accurate and up-to-date inventory of all deployed software and patch it immediately.
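The lesson above only works if the inventory exists and is actually compared against published fixes. The script below is an added example, not code from the original post or from Comcast; it assumes a constructed inventory (host to product to installed version) and a constructed advisory list (product, first fixed version, date the fix was published; the version numbers are placeholders, not real Zimbra releases), and reports every host still below the fixed version once the fix has been public for longer than an agreed patch window.

```python
"""Patch-window check over a constructed software inventory (added example)."""
from datetime import date

# Constructed inventory: hostname -> {product: installed version}. Placeholder data.
INVENTORY = {
    "mail-01": {"zimbra": "8.0.5"},
    "mail-02": {"zimbra": "8.0.7"},
    "web-01": {"nginx": "1.4.4"},
}

# Constructed advisory records (placeholder versions, not real advisories):
# (product, first fixed version, date the fix was published).
ADVISORIES = [
    ("zimbra", "8.0.7", date(2013, 12, 6)),
]


def parse_version(v):
    """Turn 'a.b.c' into a comparable tuple of ints. Assumes purely numeric dotted versions."""
    return tuple(int(p) for p in v.split("."))


def overdue_patches(inventory, advisories, today, max_days=30):
    """Return (host, product, installed, fixed, days_since_fix) for every host still running a
    version below the fixed one where the fix has been public for more than max_days."""
    findings = []
    for host, products in inventory.items():
        for product, version in products.items():
            for adv_product, fixed, published in advisories:
                if adv_product != product:
                    continue
                if parse_version(version) < parse_version(fixed):
                    age = (today - published).days
                    if age > max_days:
                        findings.append((host, product, version, fixed, age))
    return sorted(findings)


if __name__ == "__main__":
    for finding in overdue_patches(INVENTORY, ADVISORIES, date(2014, 2, 6)):
        print("OVERDUE: %s %s %s -> fixed in %s (%d days since fix)" % finding)
```

Run against the constructed data on 6 February 2014, the check reports mail-01 at 62 days past the fix, which is the kind of exposure the post is describing; the same check on 20 December 2013 reports nothing because the 30-day window has not yet elapsed. A real deployment would pull the advisory table from a vulnerability feed rather than a hard-coded list.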
Social networking behemoth Facebook revealed last week that it had 757 million daily active users (DAUs) during December 2013, a year-on-year increase of 22%.
New figures from the company’s fourth quarter earnings report show 1.23 billion monthly active users (MAUs) during the same month, of which 945 million accessed the service through mobile.
Are all of those users real people? According to the company’s own 10-K filing, the answer would seem to be “no”, because a large number of accounts may in fact be fake.
“While these numbers are based on what we believe to be reasonable estimates of our user base for the applicable period of measurement, there are inherent challenges in measuring usage of our products across large online and mobile populations around the world.”
Facebook estimates that between 4.3% and 7.9% of its monthly active users were individuals signing in with more than one account, despite the fact that duplicate accounts are against its terms of service.
A further 0.8% to 2.1% of monthly users are believed to have been using misclassified accounts, used to represent something other than a real human user, i.e. accounts created for pets, businesses or organisations.
Some 0.4% to 1.2% of accounts are said to be ‘undesirable’ because they were created in violation of Facebook’s terms of service, for example to send spam messages or other types of malicious links or content.
Put together, this would suggest that between 5.5% and 11.2% of all accounts on Facebook are either duplicate, malicious or otherwise ‘fake’.
Based on Facebook’s own figures, this means that anywhere from 67 million up to 137 million monthly users are not what they may at first seem.
Facebook believes there may be some geographical differences in the prevalence of duplicate or false accounts, though. Interestingly, it believes that the more developed markets of the US and UK are less prone to ‘fakes’.
Facebook also admitted that, due to such limitations, other figures, such as user age data, may not be entirely accurate. Whether the number of fake accounts is growing or shrinking is hard to say, because Facebook has now chosen to present a range of values rather than a single figure.
Previously, the company’s first earnings report gave a more precise figure of 8.7%, which equated to 83 million accounts.
The FBI has announced that one of the principal creators of the SpyEye banking malware kit has pleaded guilty in an Atlanta, Georgia court.
Aleksandr Andreevich Panin, a Russian national, admitted to being one of the main developers and distributors of the banking malware, which was designed to compromise PCs and connect them to botnets of similarly backdoored systems.
The main purpose of the hijacked machines was to harvest banking login details through various methods and feed the data back to the malware’s operators. Later versions also targeted Android phones.
Panin’s creation formed the basis of a major commercial enterprise, with the malware sold to over 150 customers through underground cybercrime forums.
These customers then ran their own operations, between them infecting upwards of 1.4 million systems and stealing huge amounts of cash from compromised bank accounts – one operator alone is thought to have scooped up over $3 million in just six months, and over 10,000 bank accounts are thought to have been accessed in 2013 alone.
The investigation hinged on the seizure of a command-and-control server in the Northern District of the US state of Georgia in early 2011. Following this, undercover FBI agents contacted Panin to buy a copy of his malware, reportedly advertised at between $1,000 and $8,500.
This led to a 23-count indictment being brought in December 2011, naming Panin and his co-defendant Bendelladj. Bendelladj was picked up at an airport in Thailand en route to Algeria, and extradited to the US in May 2013.
Panin made the mistake of taking a flight that connected through Atlanta airport, and he was arrested there in July 2013. His guilty plea was entered on 28 January 2014, and he is scheduled for sentencing in April 2014.
At least four other arrests have been made in connection with Panin and SpyEye, in countries including the UK and Bulgaria.
The FBI also credits fellow law enforcement agencies in Australia, the Netherlands, the Dominican Republic and Thailand, making this another major international case showing impressive cooperation across borders.
This success seems to challenge the recent complaints of a top UK lawyer, who said that police don’t make sufficient effort to combat cybercrime and banking fraud.
Target didn’t specify how the theft was carried out nor what portal the thieves crept in through to commit the massive theft, which Target first disclosed in mid-December.
But even though Target didn’t give any details of the theft-via-vendor story, its actions point to possible vectors.
In particular, as the WSJ reported last week, shortly after learning of the attack, Target shut off remote access to two internal systems: a human resources website called eHR and a database for suppliers called Info Retriever.
A spokeswoman told Network World that in order to secure its network, in addition to turning off remote access to those platforms, Target has also updated its access controls.
In-depth details that originally came out of the forensic investigation were later scrubbed by security firms, but security blogger Brian Krebs has published copies of the original reports.
At this point, the US Department of Justice (DOJ) is investigating the breach, Attorney General Eric Holder told the US Senate Judiciary Committee on Wednesday.
The DOJ typically doesn’t discuss matters under investigation, Holder said, but it’s making an exception in the case of this massive breach.
The theft, which apparently started the day before Thanksgiving, 27 November, and ran through the heart of the Christmas shopping frenzy until 15 December, involved the breach of information including customer names, credit or debit card numbers, card expiration dates, and CVVs.
Target admitted a few weeks ago that it had found malware on its point-of-sale (PoS) systems.
In fact, PoS theft is becoming so widespread that the US Federal Bureau of Investigation (FBI) recently warned retailers about it, saying that it has been seeing the same type of malware cropping up since 2011.
The agency said that over the past year it has seen about 20 cases in which data was stolen using the same type of malware as that inserted onto Target’s card-swiping machines, cash registers and other PoS equipment.
It’s not going away anytime soon, that’s for sure: the FBI says the profits are huge, and the PoS malware is both too inexpensive and too widely available on underground markets for thieves to resist.
Mind you, we don’t really know yet whether rigged PoS devices are behind either the Target breach or the one that hit Michaels.
It certainly wouldn’t knock anybody’s socks off if PoS malware were to be involved, though.
As SophosLabs researcher Numaan Huq describes in an article about RAM scraper malware, this type of card scam leaves us exposed to having card data plucked from our hands whenever we pull out the plastic to buy so much as a bar of chocolate.
In fact, “Buy candy, lose your credit card” is the name of a session at the RSA security conference in February 2014 at which Numaan and Chester Wisniewski will present a paper on the industrialisation of this particular type of card fraud.
Skimmers are usually made of molded plastic and have to be fitted onto the ATM’s hardware. The color and texture may well not match, the fit likely won’t be exact, and the skimmer could be a little loose.
In fact, when Australian detectives warned about skimmers during the holiday season back in 2012, the advice we passed on was to grab whatever device you’re putting your card into and give it a good wiggle.
That, obviously, is no help here, given the internally installed skimmers used, but I pass it on because it’s good advice in other skimmer scenarios.
At any rate, having Bluetooth-enabled devices made it easy for the thieves to get at the stolen data without having to physically remove the skimming devices.
Not that wireless-enabled credit card skimmers are new, mind you. Security journalist Brian Krebs has catalogued all sorts of skimmers, including some that even send data to fraudsters’ phones via text message.
With their Bluetooth-enabled card skimmers, the defendants in this case allegedly spent just over a year – between 26 March 2012 and 28 March 2013 – using the forged cards at ATMs in Manhattan, siphoning funds out of their victims’ accounts in increments under $10,000.
Keeping the withdrawals under $10,000 avoided cash transaction reporting requirements.
They then allegedly deposited the stolen money into their own bank accounts in New York.
Originally arrested and charged on 21 March 2013, the four lead defendants are now facing a 426-count indictment with felony charges of money laundering, criminal possession of stolen property, grand larceny, criminal possession of a forgery device, and criminal possession of forged instruments.
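Keeping every withdrawal under the $10,000 reporting line defeats a per-transaction rule, but not an aggregate one. The detector below is an added example, not code from the original article or from any bank; it assumes constructed withdrawal records of (date, account, amount) and flags accounts whose individually sub-threshold withdrawals add up to more than the threshold inside a short window, which is the pattern described above.

```python
"""Structuring detector over constructed withdrawal records (added example)."""
from collections import defaultdict
from datetime import date

THRESHOLD = 10_000  # the reporting threshold mentioned in the article

# Constructed withdrawals: (date, account, amount in dollars). Not real data.
WITHDRAWALS = [
    (date(2012, 4, 2), "acct-A", 9_500),
    (date(2012, 4, 2), "acct-A", 9_800),
    (date(2012, 4, 3), "acct-A", 9_900),
    (date(2012, 4, 2), "acct-B", 12_000),   # single large withdrawal: reported anyway
    (date(2012, 4, 10), "acct-C", 400),     # ordinary small withdrawal
]


def flag_structuring(withdrawals, threshold=THRESHOLD, window_days=3, min_count=2):
    """Flag accounts whose withdrawals each stay under `threshold` but together reach it
    within `window_days`. Withdrawals at or above the threshold already trigger a report
    on their own, so they are left out of the aggregation."""
    by_acct = defaultdict(list)
    for d, acct, amt in withdrawals:
        if amt < threshold:
            by_acct[acct].append((d, amt))
    flagged = {}
    for acct, items in by_acct.items():
        items.sort()
        for i, (start, _) in enumerate(items):  # window anchored at each withdrawal
            chunk = [(d, a) for d, a in items[i:] if (d - start).days < window_days]
            total = sum(a for _, a in chunk)
            if len(chunk) >= min_count and total >= threshold:
                flagged[acct] = {"count": len(chunk), "total": total, "first": start}
                break
    return flagged


if __name__ == "__main__":
    for acct, info in flag_structuring(WITHDRAWALS).items():
        print(acct, info)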
Our colleagues at SophosLabs pointed us at an interesting piece of malware the other day, namely a data-stealing Trojan aimed at Mac users.
In fact, it was somewhat more than that: it was one of those “undelivered courier item” emails linking to a dodgy web server that guessed whether you were running Windows or OS X, and attacked you accordingly.
You’re probably familiar with “undelivered item” scams.
The idea is surprisingly simple: you receive an email that claims to be from a courier company that is having trouble delivering your item.
In the email is a link to, or an attachment containing, what purports to be a tracking notice for the item.
You are invited to review the relevant document and respond so that delivery can be completed.
We’ve seen a wide variety of courier brands “borrowed” for this purpose, including DHL, the UK’s Royal Mail and even, in one bewildering case, a made-up courier company called TNS24, with its very own website, featuring its very own amusingly ill-Photoshopped planes, ships and automobiles.
But a competently executed courier scam can be fairly persuasive, particularly if the criminals behind it know enough about you to create what becomes a targeted attack.
Even a modest amount of detail can do the trick.
For example, the crooks will sound a lot more believable if they know your address and phone number; are aware of what you do in your job; and have a general idea about some of the projects you are working on right now.
Of course, if you open the attachment or click on the link in one of these scams, you are immediately put into harm’s way: the attachment might try to trigger an exploit in your unpatched copy of Word, for instance, or the link might attack an unpatched Java plugin in your browser.
Here’s what the emails looked like in this attack, with some details changed or redacted for safety.
If you are a native speaker of English, you will notice that the wording of the email is clumsy and unidiomatic, and if you were to receive a message like this you might well be suspicious on those grounds alone.
But if Mr Sidebottom really is in the engineering business, and regularly deals with inbound paperwork from courier companies around the world, an email of this sort could easily pass muster.
The link, of course, doesn’t really lead to fedex.com.ch, but instead takes you to a domain name that is controlled by the attackers.
If you are on a mobile device, the server delivers an error message.
If you are using a desktop browser that isn’t Safari, you receive a ZIP file containing a Windows program detected by Sophos Anti-Virus as Mal/VBCheMan-C, a distant relative of the Zbot or Zeus malware.
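The giveaway in the lure above is that the visible link text names one domain (fedex.com.ch) while the underlying href points at an attacker-controlled one. A mail gateway or client can check for exactly that mismatch before anyone clicks. The checker below is an added example, not code from the original article or from Sophos; it assumes a constructed HTML email body with placeholder domains, parses the anchors with Python’s standard html.parser, and reports every link whose displayed text contains a domain that differs from the href’s host. The registrable-domain helper is a crude last-two-labels approximation, not a public-suffix-list lookup.

```python
"""Display-text vs. destination mismatch check for links in an HTML email (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed HTML body modelled on the courier-scam lure; domains are placeholders.
SAMPLE_EMAIL = """
<p>Your parcel could not be delivered. Review the tracking document:</p>
<a href="http://tracking-update.example.net/fedex/notice.php?id=42">fedex.com.ch/tracking</a>
<p>Regards, <a href="https://www.fedex.com/">FedEx Customer Service</a></p>
"""

# Something that looks like a hostname inside the visible link text.
DOMAIN_RE = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable-domain approximation (last two labels); a real check would
    consult the public suffix list so that e.g. example.co.uk is handled properly."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:])


def deceptive_links(html):
    """Return (href, text) pairs whose visible text names a domain other than the href's host."""
    collector = LinkCollector()
    collector.feed(html)
    out = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        m = DOMAIN_RE.search(text)
        if m and registrable(m.group(0)) != registrable(host):
            out.append((href, text))
    return out


if __name__ == "__main__":
    for href, text in deceptive_links(SAMPLE_EMAIL):
        print("link text %r but destination %s" % (text, href))
```

Only the first anchor is reported: its text claims fedex.com.ch while the destination is a different host. The second anchor’s text is a brand name rather than a domain, so there is nothing to compare, which is why this check complements rather than replaces reputation-based URL filtering.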
At least 40% of South Korea’s entire population – some 20 million people – have had their names, social security numbers and credit card details stolen and sold to marketing firms in the nation’s biggest-ever theft of personal information.
It’s looking like an inside job.
The theft has been traced back to an IT service provider working for a company called the Korea Credit Bureau, which produces credit scores, the BBC reports.
The worker purportedly copied the massive trove of data onto a USB stick.
He’s been arrested, along with two managers at the marketing firms who were allegedly willing buyers of the data.
According to the BBC, early reports point to the contractor, an engineer, being able to get his hands on the data courtesy of Korea Credit Bureau’s access to databases run by three big South Korean credit card firms.
The Wall Street Journal reports that the heads of those credit card firms – KB Kookmin Card, Lotte Card, and NH Nonghyup Card – have publicly apologised for the leaks.
Prosecutors earlier this month alleged that the engineer stole the data between May 2012 and December, according to the WSJ.
Executives at the credit card companies have offered to resign.
One of those resignations – that of the head of NongHyup’s card business, Sohn Kyoung-ik – was immediately accepted, while resignations at the other companies are pending decisions from a company board or chairman.
Although the personal information was leaked, it hasn’t yet been distributed, Financial Services Commission Chairman Shin Je-yoon told reporters on Monday.
The card issuers said that customers wouldn’t be responsible for any future fraudulent charges.
An official at Korea’s national financial regulator, the Financial Services Commission, said that the data was easy to steal, given that it was unencrypted and that the credit card issuers didn’t know it had been copied until investigators told them about the theft, the BBC reports.
As far as insider jobs go, this one’s pretty bad if the engineer turns out to be guilty of the crimes with which he’s charged.
The data should have been encrypted, and those trusted with handling it should have been a lot more deserving of that trust.
Deep sympathy to the 20 million Koreans affected by the security lapses involved in this debacle.
You’d think we’d have learned by now, in the wake of the Bradley/Chelsea Manning “Wikileaks” saga of 2010, in which decades of confidential US State Department cables were siphoned off without anyone noticing that one person had been drawing down impossibly large tranches of data onto removable media.
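Both of these cases share the same missing control: nobody was comparing how much data each account pulled against what that account normally pulled. Encryption at rest would not have stopped an authorised engineer with a USB stick, but a volume baseline would have raised an alarm the day the export happened. The check below is an added example, not code from the original article, the BBC, or Korea Credit Bureau; it assumes constructed database audit records of (day, user, rows returned) and flags any day on which a user’s row count exceeds a multiple of that user’s own median from earlier days.

```python
"""Bulk-export anomaly check over constructed database audit records (added example)."""
from collections import defaultdict
from statistics import median

# Constructed audit records: (day, user, rows_returned). Not real data; the
# contractor name and volumes are placeholders chosen to illustrate the pattern.
AUDIT = [
    ("2012-05-01", "svc-scoring", 1_200), ("2012-05-02", "svc-scoring", 1_100),
    ("2012-05-03", "svc-scoring", 1_300), ("2012-05-04", "svc-scoring", 1_250),
    ("2012-05-01", "contractor-eng", 900), ("2012-05-02", "contractor-eng", 1_000),
    ("2012-05-03", "contractor-eng", 850), ("2012-05-04", "contractor-eng", 6_500_000),
]


def daily_totals(records):
    """Sum rows returned per user per day: {user: {day: rows}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, user, rows in records:
        totals[user][day] += rows
    return totals


def bulk_export_alerts(records, factor=10, min_history=3):
    """Return (user, day, rows, baseline) for any day on which a user read more than
    `factor` times their median daily volume over earlier days. Users with fewer than
    `min_history` prior days have no baseline and are skipped here; in practice a new
    account reading millions of rows on day one deserves its own rule."""
    alerts = []
    for user, per_day in daily_totals(records).items():
        history = []
        for day in sorted(per_day):
            rows = per_day[day]
            if len(history) >= min_history:
                base = median(history)
                if rows > factor * base:
                    alerts.append((user, day, rows, base))
            history.append(rows)
    return sorted(alerts)


if __name__ == "__main__":
    for user, day, rows, base in bulk_export_alerts(AUDIT):
        print("%s read %d rows on %s (baseline %d)" % (user, rows, day, base))
```

On the constructed data the scoring service stays within its usual band and is silent, while the contractor account’s jump from roughly a thousand rows a day to millions is reported on the day it happens. The median rather than the mean is used for the baseline so that a single earlier spike does not quietly raise the bar for later ones.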