Anonymous retaliation

Anonymous

Anonymous has struck the MPAA, Universal Music Group, RIAA, BMI, the DoJ and many more in retaliation for the Megaupload takedown. A new operation, #OpMegaupload, is under way, and hackers from all over the world are showing their anger at the shutdown of the biggest file-sharing network. Megaupload and Megavideo accounted for a respectable share of internet traffic, and their shutdown is a huge loss for file sharing. Hackers are trying to coordinate their attacks against those responsible for the Megaupload takedown, and they are taking down their websites, mostly with DDoS attacks. Now almost every company that makes music, movies or TV is a target. This is the first time I have seen such massive attacks and such coordination among the hacking community. This move made many people angry and they will not stop until they see some justice. On the other hand, media companies report that the takedown of their websites is a minor thing compared with what they achieved with the Megaupload case. Twitter is on fire about the operation #OpMegaupload.

Virus found on JAXA’s data terminal

The Japan Aerospace Exploration Agency (JAXA) has discovered a computer virus on one of its data terminals. The agency believes that the virus gathered sensitive information, and it is investigating how the specific computer was infected. Information about the unmanned H-2 Transfer Vehicle and its operations is believed to be compromised. In addition, the attacker who put the virus there knew the login credentials of the employee who was working on that terminal. The virus was found on Jan 6 2011 but the same terminal was also infected in Aug 2011. The only sure thing is that JAXA will increase its security to prevent malware infections in the future.

Israeli hackers strike back

Israeli hackers are at war with Saudi Arabian hackers, and both parties are stepping up their attacks. Israeli hackers published some credit card details, but according to a Saudi Arabian hacker called OxOmar those credit card details were invalid, and he called them idiots. After that he published valid Israeli credit card details in retaliation. In the past few days we have seen an escalation of hacking attacks, and yesterday Israeli hackers struck back by taking the Saudi Arabian and United Arab Emirates stock exchange sites offline and calling the Saudi Arabian hackers lamers. Access to both stock exchange sites has been restored, but Haaretz confirmed that the sites had been down. The war is far from over and we will see more attacks in the following days. There are some serious players/hackers on both sides, and the Israeli hackers warned that, if SA hackers continue to attack, they will move to the next level by taking down stock exchange sites for weeks or months.

xOmar cannot be found

A Saudi hacker called OxOmar claims that he cannot be found. After some Israeli hackers exposed credit card details, which were invalid, he responded by publishing 200 valid credit card details daily. He described those Israeli hackers as idiots and sent a message to agencies that they cannot find him. Being confident, he even described the method he uses to hack. The method is simple yet very effective. He creates a website using a browser-based exploit and then mails out a URL that has the exploit page as a hidden iframe, infecting many computers with his bot. The bot was written by xOmar in C++ from scratch. In addition to other bots, he put in an encoded SOCKS5 protocol.

Pirate Bay is blocked by a Finnish ISP

Helsinki District Court forced one of the biggest Finnish Internet Service Providers (ISPs) to block access to The Pirate Bay. Anonymous has targeted the Copyright Information and Anti-Piracy Centre (CIAPC), which persuaded the court to take this decision. After a while, a tweet reported that the CIAPC site (http://www.antipiracy.fi) was down, and it is still down as I write this post. Elisa, the ISP that was forced to block access to The Pirate Bay, has stated that it will try to have the decision reversed in the Supreme Court. Nobody wants to lose customers, and if this continues I am sure that a large group will move from Elisa to another ISP. Censorship is not tolerated and people get upset by actions like this one.

Lilupophilupop infected one million pages

A month ago the Internet Storm Center (ISC) reported that Lilupophilupop was infecting web pages by injecting a code string into them. If your page was injected with that string, it means you have a coding issue, and to avoid it you need to validate input: all parameters your application accepts. Now, a month later, about a million pages have been infected by Lilupophilupop through SQL injection. Most of the infected websites, about 123000, belong to the Netherlands (they have a .nl extension). In second place are about 68000 fr sites, followed by 56000 uk sites. The number of infected pages keeps increasing, and this is mostly down to the ignorance of web developers. Sadly, most web developers don't pay attention to the security of the systems and applications they create. This allows attackers to exploit the security holes with results like these.
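As an added example (not from the ISC report or the original post), the sketch below shows the two defensive steps this item implies: validating and binding a request parameter instead of concatenating it into SQL, and sweeping stored content for script tags that load from an unexpected host. The `articles` table, the allowlisted host and the sample rows are constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: the only external host this site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.test"}
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
ID_PATTERN = re.compile(r"[0-9]{1,9}")


def get_article(conn, raw_id):
    """Validate the request parameter, then bind it; never concatenate it."""
    if not ID_PATTERN.fullmatch(raw_id):
        raise ValueError("invalid article id")
    query = "SELECT id, title FROM articles WHERE id = ?"
    return conn.execute(query, (int(raw_id),)).fetchone()


def find_injected_rows(conn):
    """Return (row id, host) for stored titles that pull a script from an
    off-allowlist host, the visible symptom of a mass SQL injection."""
    hits = []
    rows = conn.execute("SELECT id, title FROM articles ORDER BY id")
    for row_id, title in rows:
        for src in SCRIPT_SRC.findall(title):
            host = urlparse(src).hostname  # None for relative, same-site URLs
            if host and host not in ALLOWED_SCRIPT_HOSTS:
                hits.append((row_id, host))
    return hits


def build_sample_db():
    """Constructed sample data: one clean row, one tampered row, one row
    with a legitimate script include."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", [
        (1, "Welcome"),
        (2, 'News"></title><script src="http://injected.example.invalid/x.js">'
            "</script>"),
        (3, 'Widget <script src="https://www.example.test/app.js"></script>'),
    ])
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    print(get_article(db, "1"))
    print(find_injected_rows(db))
```

The sweep only finds rows that were already modified; the parameter validation and binding in `get_article` is what closes the hole.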

Iran government websites on local servers

Most of Iran's government websites, about 90 percent, have been moved and are now hosted on local servers instead of with foreign-based hosting providers. Iranian officials said that the data was at risk and could be accessed at any moment. With this move they will reduce cyber attacks and prevent infections by malicious software. In my opinion, all government websites of every country should be hosted on local servers. Iran was forced to do that because malicious software named Stuxnet affected several computers and centrifuges used in its nuclear programme. Iran has launched a special police unit to fight cyber crime, covering both hackers and crime committed on social networking websites like Facebook.

An Android Backdoor without permissions

Thomas Cannon, a security expert, has developed an app that can install a backdoor on Android smartphones. The app does not exploit any security holes and it does not require any permissions. The app is able to give a remote shell to an attacker and allow him to execute commands on the device. The attacker could be anywhere in the world and execute the commands remotely. The app is not an exploit; it uses Android as it was designed to work. In a clever way, the app can establish a two-way communication channel, and it works on all Android versions from 1.5 to 4.0 (Ice Cream Sandwich).

Greek Hacking Scene Hacked Coca-Cola Norway Website

The Coca-Cola Norway website has been hacked by Greek Hacking Scene (GHS). This was the first attack of the operation Greek Hacking Scene vs Corruption and it was executed by the hacker called Napsterakos. Internal links of the website were defaced and replaced by Napsterakos's message: “when the future is based on lies, then everyone is corrupted…”. Coca-Cola added strong security to that website long before the attack, but it was apparently not enough to prevent it. We will wait to see the next target of the Greek Hacking Scene.

AlpHaNiX defaced Google, Gmail, Youtube, Yahoo and Apple

Hacker AlpHaNiX defaced the Google, Gmail, Microsoft, Hotmail, Youtube, Samsung, Yahoo and Apple domains of the Democratic Republic of Congo by using DNS cache poisoning. He altered the Domain Name System (DNS) records, which show which IP address a website points to, so that instead of pointing to the original servers they pointed to the hacker's IP. This way, when a user tried to visit google.cd, for example, instead of seeing Google's page he saw the hacker's page with the message that the website had been hacked by AlpHaNiX (Haxored by AlpHaNiX). We see the domain names of the biggest IT companies poisoned and understand that security is more fragile than we used to think.