Saturday, February 28, 2015

FBI offers record $3M reward for Russian hacking suspect

The man is suspected of being the mastermind behind the GameOver Zeus botnet, which was used by cybercriminals to steal more than $100 million.
The FBI is offering a $3 million reward for information leading to the arrest or conviction of a Russian hacking suspect, the highest bounty ever offered by US authorities in a cybercrime case.
Evgeniy Mikhailovich Bogachev is accused of being the mastermind behind the GameOver Zeus botnet, which was used by cybercriminals to steal more than $100 million from businesses and consumers since 2011. A 14-count indictment unsealed last year charged Bogachev, 31, with conspiracy, computer hacking, wire fraud, bank fraud and money laundering.
"This reward offer reaffirms the commitment of the US Government to bring those who participate in organized crime to justice, whether they hide online or overseas," the US Department of State said in a statement.

The FBI believes that Bogachev is still living in Russia.
The record bounty for Bogachev comes amid increased efforts by the US government to stem the rise in cyberattacks, which the NSA estimates result in the loss each year of between $100 billion and $400 billion worth of intellectual property, according to Threatpost.

GameOver Zeus, which first emerged in 2011, is an offshoot of the original data-stealing Zeus Trojan that began appearing in 2007, the Justice Department said last year. However, its peer-to-peer structure differed from earlier variants of Zeus, which infected more than 13 million computers worldwide and led to losses of hundreds of millions of dollars.

The botnet was used to secretly infect between 500,000 and 1 million computers worldwide, with the goal of stealing banking credentials from unsuspecting computer users. Often downloaded on to unprotected computers from malicious websites created by cybercriminals, the malware could also be spread via phishing scams that entice users to click on a link or attachment that installs the malware on victims' computers. A keylogger then recorded victims' account numbers and log-ins, which were then transmitted to the botnet's servers.

The botnet was disrupted by a multinational law enforcement investigation that seized servers central to the administration of highly sophisticated malware called Cryptolocker, which encrypted victims' computer files and was then used to demand a ransom of hundreds of dollars in exchange for the encryption key to unlock the files. In its first two months on the Internet, Cryptolocker extorted more than $27 million in ransom payments, the Justice Department said last year.

Friday, February 27, 2015

Notepad++ site hacked by a pro jihad group


The website of the popular Notepad++ editor was hacked and defaced by hacktivists protesting against the recently released “Je suis Charlie” edition.

Members of the Tunisian hacking crew named “Hackers of the Fallaga Team” have compromised and defaced a large number of French websites following the Charlie Hebdo terrorist attack.
Hundreds of French websites have been targeted by Islamist hackers over the past days in response to the cyber attacks launched by the Anonymous collective during its anti-jihadist campaign #opCharlieHebdo.
The website of Notepad++ became a target of the hacking campaign because the company decided to release a special edition for the incident, version 6.7.4, the “Je suis Charlie” edition. According to Don Ho, the France-based developer of Notepad++, the attackers neither compromised the infrastructure of the popular website nor distributed any malicious binaries of the debated “Je suis Charlie” edition.
In fact, the hackers breached only a front-end server, where they inserted the logo of the FallaGa Team; the binaries of the application were stored on a different infrastructure.
“The message of the defacement accused Notepad++ of inciting hatred towards Islam and accusing Islam of supporting terrorism. The statements of Notepad++ ‘Je suis Charlie’ edition support nothing but the freedom of expression and only that. The fact of Notepad++ supporting the ‘Je suis Charlie’ movement has nothing to do with any accusation towards a specific community,” Ho wrote on the Notepad++ website. “In fact the ‘Je suis Charlie’ movement in France, as far as I can tell, deserves no label of racism or of Islamophobia. I have many Muslim friends who are for ‘Je suis Charlie’. And sincerely, I don’t think that two extremist fools can stand for all Muslims or Islam itself,” he added.
Ho explained that users who don’t like the “Je suis Charlie” edition can continue to use version 6.7.3, because both versions have exactly the same features.
Fortunately, the observed attacks were limited to defacing the targeted websites, but we cannot exclude that cyber jihadists could compromise a website to serve malware and infect its visitors. Anonymous has recently announced that it will disclose the identities and locations of members of the most crowded online jihadist communities; one of the most effective techniques is the hacking of websites visited by Muslims and serving malware in a classic watering hole attack scheme. A similar technique could also be used by intelligence agencies and law enforcement to track “persons of interest” that could be linked to terrorist cells.
Pierluigi Paganini
(Security Affairs –  Notepad ++, Charlie Hebdo)

President Obama Launches New Cyber Warfare Agency

President Obama has authorized a new cyber warfare agency with the establishment of the Cyber Threat Intelligence Integration Center. The White House published the news in a Presidential Memorandum marked for immediate release.
President Obama directed the Director of National Intelligence (DNI) to establish the Cyber Threat Intelligence Integration Center (CTIIC), which should be operational with full capability by the end of 2016.
The new cyber warfare agency has the following responsibilities:
(a) provide integrated all-source analysis of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests;
(b) support the National Cybersecurity and Communications Integration Center, the National Cyber Investigative Joint Task Force, U.S. Cyber Command, and other relevant United States Government entities by providing access to intelligence necessary to carry out their respective missions;
(c) oversee the development and implementation of intelligence sharing capabilities (including systems, programs, policies, and standards) to enhance shared situational awareness of intelligence related to foreign cyber threats or related to cyber incidents affecting U.S. national interests among the organizations referenced in subsection (b) of this section;
(d) ensure that indicators of malicious cyber activity and, as appropriate, related threat reporting contained in intelligence channels are downgraded to the lowest classification possible for distribution to both United States Government and U.S. private sector entities through the mechanism described in section 4 of Executive Order 13636 of February 12, 2013 (Improving Critical Infrastructure Cybersecurity); and
(e) facilitate and support interagency efforts to develop and implement coordinated plans to counter foreign cyber threats to U.S. national interests using all instruments of national power, including diplomatic, economic, military, intelligence, homeland security, and law enforcement activities.

AnonGhost: The cyber-mercenaries of ISIS

The AnonGhost team has stated that they support the ISIS group which is active in the Middle East. The hackers published their statement on the Facebook social media network.

They said that they support all Mujahideens who defend Islam.
The statement went on to explain that a lot of people have claimed that AnonGhost is NOT supporting ISIS, but that these claims are false. AnonGhost is supporting ISIS with hacking techniques.

Sunday, February 22, 2015

NSA Stole Millions Of SIM Card Encryption Keys To Gather Private Data

Edward Snowden is back with one of the biggest revelations about the government's widespread surveillance program.
The US National Security Agency (NSA) and its British counterpart, Government Communications Headquarters (GCHQ), hacked into the networks of the world's biggest SIM card manufacturer, according to top-secret documents given to The Intercept by former NSA contractor turned whistleblower Edward Snowden.
The leaked documents suggest that, in a joint operation, the NSA and the GCHQ formed the Mobile Handset Exploitation Team (MHET) in April 2010, and as the name suggests, the unit was built to target vulnerabilities in cellphones.
Under an operation dubbed DAPINO GAMMA, the unit hacked into the digital security company Gemalto, the largest SIM card manufacturer in the world, and stole SIM Card Encryption Keys that are used to protect the privacy of cellphone communications.
Gemalto, a huge company that operates in 85 countries, creates about 2 billion SIM cards each year for AT&T, T-Mobile, Verizon, Sprint and about 450 manufacturers worldwide. The SIM card manufacturing giant also produces banking cards, electronic passports, identification cards and other digital security solutions.
As The Intercept describes, it was a real caper. MHET targeted individual employees in major telecom corporations and SIM card manufacturer companies by accessing their email and Facebook accounts using the NSA's XKeyscore.

The XKeyscore surveillance program was designed by the NSA to collect and analyse intercepted data it finds traveling over a network. XKeyscore is powerful enough to pull up more than 20 terabytes of information daily, including emails, chats, social media interactions, and even browsing histories, all in real time, as The Hacker News reported in 2013.
"In effect, GCHQ clandestinely cyber stalked Gemalto employees," the report reads, digging up all the information they could find that would lead them back to Gemalto's systems and make it possible to steal large quantities of SIM Card Encryption Keys.
In one case, the report claims, GCHQ operatives targeted a Gemalto employee in Thailand as suspicious because he was using PGP to encrypt data, and concluded that he "would certainly be a good place to start" for their operation.
The document also noted that some of the companies involved in SIM production didn't take strong measures to protect users’ personal and sensitive data. According to the report, "many" SIM card manufacturers sent the encryption keys to wireless network providers with weak encryption methods that can be broken, or with no encryption at all.
Mobile communications are kept private by the encrypted connection between an individual's mobile and the wireless carrier's network. The encryption keys to decrypt that communication are in every phone's SIM card.
These keys basically allow mobile communications – both voice and data – to be decrypted without alerting the users, networks or governments of any activity.
Once stolen, the SIM Card Encryption Keys grant the US and British agents the ability to secretly monitor "a large portion of the world’s cellular communications," both voice calls and data, from 450 wireless network providers without the approval of telecom companies or foreign governments.
This may have given the spying agencies power to silently and effortlessly eavesdrop on anyone’s communications done over a cellphone without leaving any tell-tale trace.
NSA and its counterpart GCHQ could intercept and decrypt any communications, anytime and anywhere they want. This could make it a lot easier for the agencies to conduct widespread surveillance of wireless communications without getting warrants or asking permission from telecom companies or foreign governments.
The breach is devastating for mobile security, which has been targeted numerous times. According to The Intercept, it’s a hell of a heist. "Gaining access to a database of keys is pretty much game over for cellular encryption," said cryptography specialist Matthew Green.
NSA’s attempt to break into a major corporation and steal private encryption keys that protect hundreds of millions of users worldwide isn't surprising behavior, because the past two years of revelations about the NSA and its allies have taught us that they will go to any lengths to collect data and break or interfere with security on the Internet.
At the beginning of the month, Snowden revealed the NSA and GCHQ efforts to track and monitor the activities of independent and state-sponsored hackers, some security researchers and news agencies, including The Hacker News, in order to pilfer the stolen data from hackers' archives and to gather information on their targets, respectively.
Apart from this, the latest revelation is really bad news for pretty much everyone around the world with a cellphone in their pocket, since it's highly likely that your mobile phone contains a Gemalto-manufactured SIM card, which means your conversations can be easily monitored.
The revelation is also bad news for countries other than the U.S. and U.K., since these SIM Card Encryption Keys give the two countries an easy way to spy on foreign countries without asking permission. And last but not least, it’s really bad news for the biggest SIM card manufacturer, Gemalto, as the agencies cyber stalked and hacked its employees to obtain the private encryption keys.

Hacktivist Group Anonymous (#OpISIS) Takes Down Islamic State (ISIS) Social Media Accounts

The hacktivist group Anonymous has launched a massive cyber attack against the Islamic State of Iraq and Syria (ISIS) — the radical Islamic terrorist group who were responsible for the terrorist attack against the Paris offices of satirical magazine Charlie Hebdo.
With a huge social media presence, ISIS is the most active terror group on Facebook, Twitter, YouTube and Instagram. But dozens of Facebook and Twitter accounts linked to ISIS have recently been taken down by the Anonymous group.

In a video that appeared on YouTube, the Anonymous group and RedCult announced operation #OpISIS and claimed to have carried out cyber attacks against hundreds of Twitter and Facebook accounts used by ISIS for its propaganda and to recruit new members.

According to the video, Operation #OpISIS is coordinated by "Muslims, Christians, Jews" alike and a masked individual discusses the aim of the campaign.
They are "hackers, crackers, Hacktivist, phishers, agents, spies, or just the guy next door… students, administrators, workers, clerks, unemployed, rich, poor." They are also "young, or old, gay or straight… from all races, countries, religions, and ethnicity. United as one, divided by zero," the video explains.
A list of more than a hundred Twitter and Facebook accounts suspected to belong to Islamic militants has been released by Anonymous. Twitter has already suspended more than 1500 ISIS accounts since the group released the first list in June 2014, and dozens of militant recruiting websites were knocked offline using collective DDoS attacks.
Thousands of Twitter accounts associated with terrorist group Islamic State (ISIS) are still active and spreading jihadist propaganda despite a campaign by the hacktivist collective Anonymous to take them down.

According to Anonymous, this is just the beginning of their operation, and the group warned ISIS that there will be "more to come."
We will hunt you, take down your sites, accounts, emails, and expose you…
From now on, no safe place for you online…
You will be treated like a virus, and we are the cure…
We own the internet…
We are Anonymous; we are Legion; we do not forgive, we do not forget, Expect us.
However, ISIS supporters are circulating a new social media guide with instructions for acquiring accounts undetected.
In June, Hacktivist collective Anonymous launched a campaign to take down social media accounts and websites associated with ISIS terrorists as a response to the recent Charlie Hebdo attacks under operation #OpCharlieHebdo.
Anonymous hackers also threatened to target Saudi Arabia and related nations for funding and supporting the ISIS group. In a previous note they explained, “We are unable to target ISIS because they predominantly fight on the ground. But we can go after the people or states who fund them.”


Manila Clasico is always something to watch. It’s always a throw-the-stats-out-the-window kind of thing no matter what the stakes are. In this particular edition, the stakes are pretty high as both teams are coming off painful losses and both want to gain ground as they inch closer to the end of the elims. Purefoods definitely wants to rebound after getting embarrassed by Kia, while Ginebra hopes to recover after falling short against TNT.

Here are some things to look at in this game:
Starting at PG, Mark Barroca was pretty awesome against Kia, well, save for the fact he turned the ball over SEVEN TIMES. He also got schooled a little bit by Kia’s LA Revilla, who seemed to run rings around the PUR defense. Barroca still had a great offensive performance, leading PUR in scoring, but he’ll need to do a better job on defense, especially today against LA Tenorio.

Comm Cup Stats: 12.8ppg, 6.2rpg, 1.8apg, 1.3spg, 2.2 TOpg

vs KIA: 18pts, 8rebs, 0 asts, 3stls, 7 TOs

Old man Mick Pennisi came off the bench and was on-target from long range. At his advanced age, Pennisi cannot really be counted on for much else aside from his three-point shooting so the fact he hit 4 trifectas was a big bonus despite the loss to Kia. If he can continue waxing hot, GIN will be in trouble.

Comm Cup stats: 3.5ppg, 3.0rpg, 0.3bpg, 41.2 3pt%

vs KIA: 12pts, 4rebs, 1blk, 4 triples

Frontline partners Marc Pingris and Joe Devance did pretty well against Kia, combining for 22 points, 19 rebounds, and 9 assists, but even their production wasn’t enough to negate the monster numbers of Kia import PJ Ramos, who dropped 32 points and 26 boards. Against GIN’s Mike Dunigan, it looks like both JDV and Ping will need to work extra hard again if they want to contain the burly big man.

JDV Comm Cup stats: 7.7ppg, 6.2rpg, 3.0apg

Ping Comm Cup stats: 8.8ppg, 7.7rpg, 2.5apg

Combined vs KIA: 22pts, 19rebs, 9 asts

After losing to Kia, not to mention fouling out, import Daniel Orton made some scathing and rather inappropriately-worded comments directed at the officiating and Kia playing-coach Manny Pacquiao. He basically said that both the officiating and Pacman were jokes. Unfortunately for Orton, he was given summons by the Commish’s Office and is expected to incur a hefty penalty for his outburst of frustration. He called the refs and Manny jokes, but, in the end, it seems the joke was on him.

first 2 games: 19.5ppg, 17.5ppg, 5.0bpg

vs KIA: 6pts, 3rebs, 0blks

On the other end of the spectrum, GIN’s Mike Dunigan was splendid against TNT. He outplayed counterpart Richard Howell and was super solid for the Gin Kings. Unfortunately, GIN lost that game, but they cannot fault Dunigan for the result. If he continues to put up good numbers against PUR’s frustrated Daniel Orton, GIN should have a fair shot of winning here.

Comm Cup stats: 22.8ppg, 13.6rpg, 1.0bpg, 40.7 FG%

vs TNT: 30pts, 18rebs, 2blks, 10/19 FGs (52.6%)

Another guy who did really well for GIN in its last game was Caliber 45, Mac Baracael. The former FEU swingman waxed hot against TNT, drilling 5 triples on his way to a conference-high 20 points. He also grabbed 6 rebounds in an all-around effort. He’ll have a tough test against rookie Matt Rosser in this game, but if he can keep on hitting those threes, he should be able to spread the floor for GIN effectively.

Comm Cup stats: 9.4ppg, 3.8rpg, 1.8 triples per game, 47.4 FG%

vs TNT: 20pts, 6rebs, 5 triples, 7/12 FGs (58.3%)

LA Tenorio, too, had a good game against TNT, but it was a steal by Jayson Castro off Tenorio that sealed the win for the Texters. Tenorio was efficient in scoring, hitting 6 of his 9 shots en route to 14 points. He was also effective at finding his teammates (6 asts) and on defense (4 stls), but, again, this was offset by his 4 turnovers.

Comm Cup stats: 8.0ppg, 4.6rpg, 4.4apg, 2.8spg, 2.8TOpg

vs TNT: 14pts, 6rebs, 4 asts, 4stls, 4TOs

Speaking of turnovers, as a team, GIN coughed up the ball 19 times against TNT. This led to the Texter scoring 23 points off TOs. In a game as tight as the one these two clubs played, those TOs were huge. Three guys had 4 or more TOs for GIN, which is surely not a good sign heading into this match with PUR.

Last game vs TNT: 19 turnovers

Tenorio, Yeo, and Baracael: 4 turnovers each.

As always, when we talk of Manila Clasico, one of the most anticipated match-ups is between icons Mark Caguioa and James Yap. The production for both of these guys has tapered off a bit in recent years, but that doesn’t mean they’ve lost their fire and will to compete. Caguioa is coming off a decent game against TNT where he scored 11pts, so he should be primed and ready, though the big question mark is for Yap, who missed the Kia game because of soreness in his knee. No major damage was seen, though, so he could still be back and reprise his role as the main foil to Ginebra’s machinations. He’s only had one great game so far this conference, so look for him to really want to bounce back.

Caguioa stats so far: 11.0ppg, 5.0rpg, 1.2apg, 1.0spg, 42.6 FG%

Yap stats so far: 8.6ppg, 1.6rpg, 1.4apg, 28.6 FG%


Tuesday, February 10, 2015

The Pirate Bay relaunch is FBI's Honeypot? Pirate Bay Team Responds,'NO WAY'

After almost two months of untimely and unexpected outage, The Pirate Bay (TPB) finally came back this weekend. But the re-launch of the infamous torrent-indexing website raised a question among those suspicious about this new setup — Is it really The Pirate Bay?
A few days back we reported that The Pirate Bay – a widely popular file-sharing website predominantly used to share copyrighted material free of charge – had made its return to the Internet once again after suffering two months of outage following a police raid in Sweden late last year.
Many users, myself included, thought the site had been left for dead, as the last takedown was the longest outage the torrenting site has ever experienced. But history repeats itself, and The Pirate Bay made its way back a day before it claimed it would. Pirate lovers around the world rejoiced while others noticed something very suspicious.
The truth behind The Pirate Bay, such as who was driving the re-emergence of the site or who is currently running it, is not known.
But because it was seized and taken down by law enforcement, The Pirate Bay could now be in the hands of the FBI, and brought back online as a "honeypot", or fake site meant to collect evidence about users, including pirated content uploaders.

This is what some Reddit and Twitter users thought about the re-launch of the torrent download site. The comments on Reddit and a tweet by an Anonymous sect called The Anonymous Message also point to a federal honeypot masquerading as The Pirate Bay to catch pirates.
"ALERT: STAY AWAY from The Pirate Bay website as we have gotten reports that it has been indirectly seized by the FBI and is logging IPs," The Anonymous Message tweeted Sunday, but didn't provide any proof of the FBI involvement in The Pirate Bay.
However, the major concern people seem to have is The Pirate Bay’s use of CloudFlare’s CDN (Content Delivery Network) and its SSL service. CloudFlare is a content delivery network used by websites with high amounts of traffic to protect them from DDoS attacks, and it was discovered on the new Pirate Bay upon its return.
Several people voiced concerns that The Pirate Bay uses Cloudflare, a CDN based in the United States, and therefore speculated about a connection to the FBI.
To add more confusion, and create conspiracy, the admin also noted that he had fired all the moderators working for the site, reported Torrentfreak. "Due to severe security issues regarding the old moderator team all moderation has temporarily been disabled," the admin wrote.
Today, The Pirate Bay has responded to the concerns about its use of U.S.-based CDN service CloudFlare, explaining that it’s only using Cloudflare temporarily in order to cope with the continued stream of millions of visitors.
"We have seen that there has been some question to why we are using Cloudflare," TPB says in a statement. "This is only initially to handle the massive load upon the servers. It will be removed shortly."
The second concern was the lack of moderation on TPB. As soon as The Pirate Bay returned, many fake torrents have been posted to the site and without moderators these were not removed. However, TPB operators now explain that the decision to keep the staff out was taken as a security measure.
In order to deal with the spam and fake torrent problem TPB added a report link to every torrent details page. "Before we sort everything out we have instead added a 'Report link' to all torrents which you can find in the details page," the admin wrote. "We believe that the TPB community can help moderate the site for the time being."