Hacking Team Hacked, Attackers Claim 400GB In Dumped Data

On Sunday, while most of Twitter was watching the Women’s World Cup – an amazing game from start to finish – one of the world’s most notorious security firms was being hacked.

Specializing in surveillance technology, Hacking Team is learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

https://twitter.com/oscaron/status/618150252655173632

Source: [csoonline]

In Search of The Most Dangerous Town On the Internet

Watch the cybercrime documentary profiling the Romanian town nicknamed “Hackerville” or “Most Dangerous Town on the Internet.” Convicted blackhat hackers, like Guccifer (real name), talk worms, viruses, social engineering, identity theft, and even hacking Hillary Clinton’s email.

At 10:48 an eBAY scammer with an unknown identity from Bucharest says:

My English is not so good, but this is the message: “Every American to open wide their eyes, because something very wrong is going to come to them this year. They are so comfortable in their life, and they don’t want to hear that.”

Private Investigator Snooped On E-Mail Of Scientology Critics

Eric Saldarriaga, a private investigator from Astoria, New York, was received a sentence of three months imprisonment, three years of supervised probation, and a $1,000 fine in federal court for his part in a conspiracy to hack into the e-mail accounts of more than 50 individuals as part of his investigations. Among his victims are two prominent critics of the Church of Scientology, both of whom were recently featured in the book and HBO documentary film Going Clear. Update: Saldarriaga .

Who were Saldarriaga’s clients? That remains unclear; court documents haven’t revealed it, and the transcripts of his guilty plea are still held by the court awaiting redaction. But both Scientology critics are now convinced that it was the church which set Saldarriaga on them. “There can be no doubt that one of Mr. Saldarriaga’s clients is Scientology,” Mike Rinder, a former Scientology official and one of the victims notified by the US Attorney’s Office, said in a written statement sent to the court.

Here’s how the hacks happened. According to a sentencing letter filed by the US Attorney’s Office for the Southern District of New York, “Between at least 2009 and March 2014, through certain services advertised on the Internet (the ‘Hacking Services’), the defendant hired other individuals to hack into, i.e., to gain unlawful and secret electronic access to, the e-mail accounts of almost 50 different individuals (collectively, the ‘Victims’). For certain victims, the defendant attempted to gain unlawful access to more than one e-mail account. In total, the defendant hired the Hacking Services to attempt to hack into, and provide the defendant with unauthorized access to, at least 60 different e-mail accounts.”

The government has not named the individuals hired by Saldarriaga to perform the mail hacking, but it describes them as “known and unknown”—so cases against them are likely pending. Saldarriaga, who also used the alias “Emmanuela Gelpi” in Internet communications, would contact the “Hacking Services” by e-mail to request the username and password for specific targets’ accounts; when successful, the hackers would e-mail back a screenshot of the targets’ e-mail inbox and demand payment, usually via PayPal. They would then pass along the login credentials for the e-mail account, and Saldarriaga would log in—sometimes to gather information for clients, and sometimes “to investigate individuals in which the defendant was interested for personal reasons,” Assistant US Attorney Daniel Noble wrote in his sentencing memorandum to the court.

Full Story @ [arstechnica]

Adobe Flash Player Zero-Day Used by Chinese Cyber Espionage Group

Victims are lured with a generic phishing email whose text is very similar to spam messages. In an example provided by FireEye the bait used was an offer for a refurbished iMac system certified by Apple, with a discount between $200 and $450 (€180 – €400); the email further enticed the recipient with availability of one-year extendable warranty for the product.

Clicking on the provided link redirected to a server with scripts that checked if the visitor’s computer was worth compromising. If it presented no interest, the user would receive non-harmful content; otherwise, the victim was served malicious SWF and FLV files. The vulnerability exploited in the attack is a heap buffer overflow, now identified as CVE-2015-3113.

FireEye says that the attack code relies on common vector corruption techniques to get past the Address Space Layout Randomization (ASLR) protection from buffer overflow events; it also relies on a new ROP (Return-Oriented Programming) technique to bypass Data Execution Prevention (DEP) and other protection mechanisms, such as ROP detection.

The latest campaign from APT3 has dubbed Operation Clandestine Wolf and the researchers say that it is also responsible for other previously identified campaigns (Operation Clandestine Fox) and it is known for producing browser-based zero-day exploits for Internet Explorer, Firefox and Flash Player.

Source: [Softpedia]

Secret Service, SEC Hunting for Wall Street Hackers

The Securities and Exchange Commission has asked for information regarding data breaches from at least eight companies, Reuters reports. The request is an unprecedented move for an insider trading probe which reflects growing concerns over cyber security.

“The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading,” John Reed Stark, former head of Internet enforcement at the SEC told Reuters, calling the Commission’s outreach to the companies an “absolute first.”

While the SEC is investigating FIN4’s exact methods for tricking employees into giving up passwords, the FireEye report speculated that the hackers were either American or European, because of their perfect English and thorough knowledge of the financial system.

“What was insidiously brilliant was that they could inject themselves into email threads and keep gleaning information,” said Laura Galante, FireEye’s manager of threat intelligence. “They really knew their audience.”

The hackers used fake Microsoft Outlook login pages to trick employees into giving away their passwords, and in once case, used confidential information from a previously obtained document to spur an email conversation and lure people into revealing credentials.

Source: [Sputnik News]