Category Archives: Web -Ware

Black Hat Google Hacking Goes After China – www.esecurityplanet.com

Search engines aren’t just for finding Web content, they can also be valuable tools for security research.

At Black Hat 2010, researchers from Stach and Liu released Google and Bing tools called GoogleDiggity and BingDiggity. Those tools enable researchers to leverage those search engines to find security vulnerabilities in websites and applications. For Black Hat 2011, the researchers are back and this time they’re expanding their tools providing new capabilities to find and indentify security risk with the help of search engines.

“This year we’re adding a whole host of tools including a Windows desktop application as well as an iPhone app,” Stach and Liu security researcher Francis Brown said.

via Black Hat Google Hacking Goes After China – www.esecurityplanet.com.

Advertisements

The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune

When gmail accounts of some of the US state officials were hacked two weeks ago, the Defence Department categorized any serious cyber attack, as an act of war. Since Google had tracked down the source of the attack to a certain province in China, it was all too clear that the Pentagon was not beating about the bush while taking the cyber threat seriously. The gmail attack came hot on the heels of another high-profile attack – Lockheed Martin Corporation, the high-tech defence firm.Having been annoyed by implicit accusation, China hit back at Google by warning that the company would face the music, if it accused the Chinese government of covert involvement.

The disturbing cyber nuisance did not end there. The servers of

Sony

, the entertainment giant, were subjected to two successive hacking within a matter of days. On the first occasion – the more serious one – the accounts of millions of had been hacked into and then details were stolen; the servers of

Nintendo

suffered the same fate. On June 3, the servers of

Codemasters

, the largest UK game publisher, were hacked. The hackers did not spare even the

National Health Service

of the UK; there has been a breach of security in some servers, according to media reports.

The spate of attacks has pushed millions of online users, not necessarily the folks who play games, into a state of perpetual anxiety. Since the hackers have been able to stay a few rungs above the security experts along the learning curve, it’s high time the threat was treated as something against the whole online community, not just selected strata of it.

The companies, which have been affected, are counting the cost in terms of loss of both revenue and reputation. Although, they assure the customers of better security mechanisms in future – and when the horse had left the barn, of course – restoring customer confidence is going to be an uphill struggle for the companies in question.

According to the details that came out so far, the hacking had been performed by duping the customers into web pages which looked identical to what they normally had been familiar with; once signed in, they had been taken for a ride, to say the least.

So, the companies affected implied that the customers should not have done that; well, how do ordinary folks distinguish between a real one and a fake one, when they look almost similar? The explanations have not gone far enough to address the serious side of the issue; all they can say is warning the public to be on their guard at all times – and they already are.

These high profile hackings are not the works of adventurous individuals, carried out in their bedrooms as a way of fighting boredom. Nor are they the works of teenagers, who could spare hours on computers in typing in endless combinations of characters into login names and passwords, in the hope that one of them would make them lucky by pure chance – one day. The nature of sophistication clearly shows the involvement of highly organized individuals – perhaps, with a substantial technical background – who are prepared to break hell lose, if they can get away with it.

The two groups, which are at the forefront of hacking, are Anonymous and LulzSec. The former claims to be a ‘leaderless structure’ while the latter introduces itself as the ‘world’s leaders in high-quality entertainment at your expense.’ Who can disagree with them?

Anonymous has been in the habit of hacking into government websites in order to teach them a ‘lesson’; it was at its peak of activities, known as ‘hacktivity’, when Wikileaks were coming out in dribs and drabs. LulzSec, meanwhile, claims that since fun is restricted to Fridays, they are going to extend it beyond that – and to the weekend. Whether what is fun for LulzSec, is certainly fun for everyone, remains to be seen in the days ahead!

In addition, there are clumsy hackers too. I keep getting an email from one such stupid hacker, who is in the habit of urging me to collect a parcel from a well-known courier service while clicking on a link provided. However, he could not completely conceal the tentacles of idiocy: the ‘To’ field of the email consists of a chain of email addresses, not just mine. So, I decided to keep getting the emails for academic purposes, without diverting them into a spam folder.

If a user can be duped by such an email, then of course, big companies cannot be blamed for mistakes of that kind. In short, users have to be a bit responsible too while login into similar-looking web sites and opening unsolicited emails.

As the menace of hacking reached fever pitch, some countries in South East Asia have started cracking down on potential hackers – finally. The arrests have been made in Malaysia, Indonesia and Taiwan. However, this is just the tip of the colossal iceberg.

The geography of the places where hackers were found, the time taken before the action being carried out and the abundance of other regional criminal activities, do not paint a serene picture for the online community in particular, and the law-abiding global citizens in general.

If the governments in question keep treating the threat as trivial or non-existent, the trend can easily give a cumulative nasty shock for all of us at an unexpected time – something from which we may not recover without paying a heavy collective price.

via The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune.


The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune

When gmail accounts of some of the US state officials were hacked two weeks ago, the Defence Department categorized any serious cyber attack, as an act of war. Since Google had tracked down the source of the attack to a certain province in China, it was all too clear that the Pentagon was not beating about the bush while taking the cyber threat seriously. The gmail attack came hot on the heels of another high-profile attack – Lockheed Martin Corporation, the high-tech defence firm.Having been annoyed by implicit accusation, China hit back at Google by warning that the company would face the music, if it accused the Chinese government of covert involvement.

The disturbing cyber nuisance did not end there. The servers of

Sony

, the entertainment giant, were subjected to two successive hacking within a matter of days. On the first occasion – the more serious one – the accounts of millions of had been hacked into and then details were stolen; the servers of

Nintendo

suffered the same fate. On June 3, the servers of

Codemasters

, the largest UK game publisher, were hacked. The hackers did not spare even the

National Health Service

of the UK; there has been a breach of security in some servers, according to media reports.

The spate of attacks has pushed millions of online users, not necessarily the folks who play games, into a state of perpetual anxiety. Since the hackers have been able to stay a few rungs above the security experts along the learning curve, it’s high time the threat was treated as something against the whole online community, not just selected strata of it.

The companies, which have been affected, are counting the cost in terms of loss of both revenue and reputation. Although, they assure the customers of better security mechanisms in future – and when the horse had left the barn, of course – restoring customer confidence is going to be an uphill struggle for the companies in question.

According to the details that came out so far, the hacking had been performed by duping the customers into web pages which looked identical to what they normally had been familiar with; once signed in, they had been taken for a ride, to say the least.

So, the companies affected implied that the customers should not have done that; well, how do ordinary folks distinguish between a real one and a fake one, when they look almost similar? The explanations have not gone far enough to address the serious side of the issue; all they can say is warning the public to be on their guard at all times – and they already are.

These high profile hackings are not the works of adventurous individuals, carried out in their bedrooms as a way of fighting boredom. Nor are they the works of teenagers, who could spare hours on computers in typing in endless combinations of characters into login names and passwords, in the hope that one of them would make them lucky by pure chance – one day. The nature of sophistication clearly shows the involvement of highly organized individuals – perhaps, with a substantial technical background – who are prepared to break hell lose, if they can get away with it.

The two groups, which are at the forefront of hacking, are Anonymous and LulzSec. The former claims to be a ‘leaderless structure’ while the latter introduces itself as the ‘world’s leaders in high-quality entertainment at your expense.’ Who can disagree with them?

Anonymous has been in the habit of hacking into government websites in order to teach them a ‘lesson’; it was at its peak of activities, known as ‘hacktivity’, when Wikileaks were coming out in dribs and drabs. LulzSec, meanwhile, claims that since fun is restricted to Fridays, they are going to extend it beyond that – and to the weekend. Whether what is fun for LulzSec, is certainly fun for everyone, remains to be seen in the days ahead!

In addition, there are clumsy hackers too. I keep getting an email from one such stupid hacker, who is in the habit of urging me to collect a parcel from a well-known courier service while clicking on a link provided. However, he could not completely conceal the tentacles of idiocy: the ‘To’ field of the email consists of a chain of email addresses, not just mine. So, I decided to keep getting the emails for academic purposes, without diverting them into a spam folder.

If a user can be duped by such an email, then of course, big companies cannot be blamed for mistakes of that kind. In short, users have to be a bit responsible too while login into similar-looking web sites and opening unsolicited emails.

As the menace of hacking reached fever pitch, some countries in South East Asia have started cracking down on potential hackers – finally. The arrests have been made in Malaysia, Indonesia and Taiwan. However, this is just the tip of the colossal iceberg.

The geography of the places where hackers were found, the time taken before the action being carried out and the abundance of other regional criminal activities, do not paint a serene picture for the online community in particular, and the law-abiding global citizens in general.

If the governments in question keep treating the threat as trivial or non-existent, the trend can easily give a cumulative nasty shock for all of us at an unexpected time – something from which we may not recover without paying a heavy collective price.

via The Alarming Growth of Global Cyber Menace – Hacking | Asian Tribune.


Lockheed Martin hacked, cyber crime steps up to major leagues – International Business Times

 

Lockheed Martin just recently admitted that it was hacked on May 21, 2011.  It managed to stop the “tenacious” attack before any critical data was stolen.

Back in October 2008, Lockheed Martin launched its cyber-defense operations.  It bragged that it wanted a piece of the red-hot cyber security industry.

 

Warfare

It’s shocking, therefore, that hackers are now bold enough to target a company that specializes in defending against them.

The cyber security industry is worth $40 billion in 2010, according to Federated Networks, a player in that industry. After several incidents in the last two years, however, it’ll probably get even bigger.

In late 2009, Google and other high profile tech companies like Adobe Systems were hacked fromChina.  The purpose of the attack was reportedly to steal intellectual information and access certain Gmail accounts.

In late 2010, a loose-organized internet vigilante group called Anonymous organized an attack on Visa and MasterCard for their anti-Wikileaks stance.  The attacks brought down the two companies’ websites.

In April 2011, Sony‘s PlayStation Network was hacked, forced to shut down for weeks, and user credit card numbers were likely stolen.  Sony was hacked by either internet vigilantes affiliated with Anonymous or thieves looking to steal credit card numbers.

These instances of hacking teach us two things: hacking can do serious damage to society and it’s surprisingly easy to perpetrate.

Hacking Google, for example, means gaining access to the most private information of individuals.  Hacking tech companies in general means gaining key intellectual information, which is their lifeblood.

Hacking defense contractors like Lockheed Martin is a matter of national military security.

The hacking of MasterCard and Visa demonstrates the utter unpreparedness of major corporations.  It shows that a group of rule-breaking enthusiasts can trump Fortune 500 companies.  In the physical/real world, something like that would be unimaginable.

Corporations, governments, universities, and consumers in general aren’t prepared for cyber attacks.

Many experts had predicted the rising importance of cyber security ever since it became clear that cyberspace would be an integral part of modern society.

Hackers, however, haven’t really done too much damage until the last two years because criminals and other rule-breakers (e.g. unscrupulous government agencies) didn’t seriously incorporate cyber attacks into their repertoire.

Now, they have and are finally giving hacking the organizational backing it needs to do some serious damage.  In other words, hacking has changed from being a crime perpetrated by loose-organized operators for petty gains to an operation backed by major crime syndicates and other powerful organizations for more nefarious and impactful purposes.

Society at large, therefore, needs to beef up its cyber security.  It needs to resemble the robustness of security in the physical world.

The US, for example, has a network of police force at every single municipality and state to deal with local criminal threats.  On the national level, it has the FBI and a standing army.

As cyber crimes have moved to the major leagues, cyber security needs to do the same.

 

Lockheed Martin hacked, cyber crime steps up to major leagues – International Business Times.