It seems that hacking activity is on continuous rise. It appears that the guys in the wild do not take any break or rather there is no specific season for hacking; its 24×7 on all 365 days…..

Amongst others, following are some of the recent hacking activities:

• Harvard University website hacked by Syria protesters
• 75 Indian Govt and University Sites hacked including Patiala Police
• The Council on Governmental Ethics Laws (COGEL) hacked and complete database dumped
• Anonymous Austria post via the official Twitter account about 25,000 records Austrian police officers
• Mysql.com website hacked
• USA Today Twitter account hacked
• 700,000 sites on Inmotion Hosting Server hacked
• Core Security Technologies website defaced

Phew… there are many more and still counting

Related articles

• USA Today Twitter Hack of the Day (geeks.thedailywh.at)
• Harvard Web site hacked with pro-Syria message (news.cnet.com)

Around 3 months back we heard a news of “technical snag” which caused chaos in T3 of IGI airpot delhi. The internal team was doing invetigation since then and now they have concluded that the “technical snag” was a cyber attack. Its is believed that its was a malicous script sent from remote

As per Indian Express, CBI registering a case under the IT Act in June and started investigation. Investigators of CBI says that “malicious code” was in the form of “attack scripts”, which means a programme was written by an expert to exploit the system’s security weakness.

The check-in counters, transfers counters and boarding gates at the IGI are operated using the Common Use Passengers Processing System (CUPPS), maintained by Aeronautical Radio Incorporated (ARINC). The CUPPS operates on a common software-and-hardware platform that integrates all information such as an airline’s reservation system, the expected time of departure and the capacity at waiting lounges. The problem in CUPPS started at 2.30 am on June 29 due to which check-in counters of all airlines at T3 became non-operational.

“This forced the airlines to opt for manual check-in and as a result passengers had to wait. There are around 172 CUPPS counters and only a third were functioning online,” said an official. The investigation revealed that someone had hacked into the main server of the CUPPS and introduced a virus.

It took nearly 12 hours for the experts — from ARINC, Wipro and DIAL — to restore the system. The CBI was also called in as officials suspected it was a security breach. “We found that there were serious security lapses,” said a CBI official.

Image by kryptyk via Flickr

Oracle issued an emergency patch to fix a denial of service(DoS) vulnerability in Oracle HTTP server products that are based on the Apache Web server 2.0 and 2.2.

Attack Details
—————–
With this attack any exploiter can remotely send large chunk of data in the header without any authentication or requiring  any username and password. When the server tries to process the data, memory and CPU resources are exhausted, resulting in a DoS attack. This bug is known since long but a  security researcher [kingscope] posted an “Apache Killer” Perl script on Full Disclosure mailing list in August; which made it easier to launch such attacks.

National Vulnerability Database (NVD) has assigned a Common Vulnerability Scoring System (CVSS) score of 7.8 to this vulnerability – Common Vulnerability and Exposures -2011-3192.

Oracle strongly recommended customers to apply Security patch as soon as possible since this patch is released out of the regular quarterly cycle of updates.

A chinese documentary on military activities by mistake exposed a lot which was not intended.

Check out the video at 36s onwards. You’ll notice a nice UI (probably written in delphi) being used to launch attack

against an IP. The large writing at the top says “Select Attack Target.” Next, the demonstrator choose an IP address to attack from (it belongs to an American university). If you dig more online, you’ll find that the compromised IP 138.26.72.17 belongs to the University of Alabama in Birmingham (UAB).

The documentary was intended to praise the wisdom Chinese military strategists, and a typical condemnation of the United States, but accidentally it exposed the intent and activities Chinese Military University do.

As per  Jason Ma, a commentator for New Tang Dynasty Television: “This is the first time we see clearly that one of the top Chinese military universities is doing this research and developing software for cyber-attacks. There’s solid proof of it in this video”

Check out the full report by TheEpochTimes

As per china daily, last year china has suffered nothing less than 493000 cyber attacks. This was claimed  in a report by the country’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC)

According to the report, 14.7% of the attacks came from US where as 8% came from Indian IPs.

Hackers tampered with nearly 35,000 web pages — including 4,635 government websites — in the past year, the report said, up 67.6 percent from a year earlier. It said 60 percent of websites of ministry-level government departments are at risk of being hacked.

Personally not sure how much to trust this news.

Security experts from McAfee have discovered the biggest series of cyber attacks to date. This one involves the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.

McAfee reported a five year long attack which affects

# Govt of

1.  US
2. India
3. Taiwan
4. South Korea
5. Canada

etc

Full report @ http://in.reuters.com/article/2011/08/03/idINIndia-58594520110803

Related articles

• Operation Shady Rat Is The Largest Cyber Attack Ever Uncovered [Hacking] (gizmodo.com)
• Biggest series of cyber-attacks in history uncovered (guardian.co.uk)
• Hackers target 72 organisations in ‘biggest cyber attack in history’ (telegraph.co.uk)

Image via Wikipedia

Security researchers [Sergey Golovnoav & Igor Soumenkov] at Kaspersky Lab have posted a detailed analysis of new botnet called TDL-4 and calling it as –>  the one that might just be “indestructible”. TDL-4 compared to previous versions is an updated algorithm encrypting the protocol used for communication between infected computers and botnet command and control servers.

TDL-4 is distributed via adult sites, bootleg websites, and video and file storage services where affiliates receive between $20 to $200 for every 1,000 installations of TDL. The [TDL-4] botnet have already infected  more than 4.5 million computers and is used by hackers to manipulate adware, search engines, to provide anonymous internet access and acts as a launch pad for other malware’s.

TDL loads into the MBR and messes with Windows memory even before the OS loads, injecting malware right into Windows right from the start when there is no security at place. [MBR: Master Boot Record is responsible for bootstrapping/loading the OS].

As per Kaspersky Labs “key threat” from TDL-4 type botnet is that even if the control servers are seized and shut down, botnet owners will not loose complete control because of its peer to peer networking capabilities.

TDL seems to be dodgy, well planned and smartly implemented and can be a tough analysis problem for security researchers. But History tells us its the ethical guys or investigators/security researchers have taken down all malware’s sooner or later and the challenge is open again for them.

Note:

• Conficker was taken down  last year.
• Rustock botnet [world's biggest source of SPAM] was shut down after Microsoft and US authorities located and seized its control servers.

Sosasta (Indian subsidiary of GrounOn) got compromised in a very easy & sasta(cheap) way.

A simple Google query exposed there database of  3,00,000 usernames and password. God knows when people will understand basic security of hashing the password. This si being covered in OWASP TOP 10 from many years (See https://www.owasp.org/index.php/Top_10_2010-Insecure_Cryptographic_Storage)

Discovered by: Australian security consultant Daniel Grzelak

First reporte to: http://risky.biz/sosasta

Company’s response: Groupon sent an advisory mail to all customers requesting passwod change

Related articles

• Groupon India (SoSasta.com) Suffers Security Issue, User Account Information Possibly Compromised (techie-buzz.com)
• Groupon India publishes 300,000 user passwords (go.theregister.com)

Cover of SEGA

Seems like all the attackers have started targeting games industry. After breaking into Sony(multiple times), Nintendo, Bethesda, Codemasters and Epic,  this time they have infiltrated into SEGA.

As per the mail sent out to sega customers

Dear ___,

As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

If you have any further questions please contact SEGA customer support on csescalations@sega.com

As soon as this attack surfaced at playstationlifestyle.net it was thought to be yet another attack by LulzSec but seems like they haven’t claimed any responsibility yet (sounds so much like terrorist attack, and taking responsibility)

Related articles

• Sega Hacked, Says Payment Info Not Compromised [The Neverending Story] (kotaku.com)
• Sega’s “Sega Pass” Service Hacked (inquisitr.com)
• Reports: Sega Customer Database Hacked (pcworld.com)

Attack after attacks and this time its UK game developer Codemasters whose customer database has  been compromised.

Image Source: Wikipedia

As posted on company’s forum: Codemasters said  hackers gained unauthorized entry to Codemasters.com on Friday, June 3. “As soon as the intrusion was detected, we immediately took codemasters.com and associated web services offline in order to prevent any further intrusion,”  Director, Community Relations @ Codemasters.

Investigation conducted by Codemasters after the hack revealed that the intruders accessed:

• Codemasters.com;
• DiRT 3 VIP code redemption page;
• the Codemasters estore;
• and the Codemasters CodeM database.

and the intrusion means hackers gained access to customers

• names and addresses,
• email addresses,
• telephone numbers,
• encrypted passwords
• member names/usernames or screen names,
• newsletter preferences,
• any biographical information entered by the user,
• details of last site activity,
• IP address,
• and Xbox Live gamertags.

Good Part: Since no personal payment information is stored with Codemasters as they use external payment providers, assuring payment details were not at risk from this intrusion.

As mentioned in forum post: Codemasters.com will remain offline and all traffic will be redirected to the company’s Facebook page [redirection is not working for me though?]. A new Web site will launch later in the year.

Codemasters suggested that users change their passwords immediately, especially if that password or login is used for other accounts.

Some thoughts/ideas:
– Does all this info really needed by these gaming portals? Isn’t a net-identity linked with e-mail is not enough?
– Always keep a separate password on different portals, so that if one is compromised you don’t have to change all your passwords.
– If your data got hacked in PSN attack and you also happen to have an account at codemasters, hackers might have some redundant data problems now