Home » Tag Archives: hacker

Tag Archives: hacker

An Overview of Threats Against Companies in This Year 2014

The number of companies who become victims of cyber attacks are rising on this year. Kaspersky Lab Research and B2B International shows 91% of companies surveyed have been victims of cyber attacks at least once within past 12 months, while 9% Others were targeted attacks, ie planned attacks that aims to infect network infrastructure company or organization.

Breadth of digital devices used in many companies has created ideal conditions for cyber spying and launch a malware to steal corporate data. Its have a great potential so that a malicious program could be replace an informant (insider) to obtain the information.

Main Findings the Corporate Threat in This Year:

  • The unfolding of spyware attacks are associated with various governments
  • Most incidents involving cyber criminals aim to steal information
  • Revealed an attack to the contractor, and not to the big company
  • Emerging new actor in APT attack: cyber-army who undertake cyber spying based-on request

In 2013 revealed some spyware attacks are associated with numerous government agencies, either directly or indirectly. Other actors in terms of cyber threat against corporates is the company that using cyber criminals because their competitors wishing to enter the networks.

Cyber-army perform the operation that usually aimed to stealing information. Another attack aimed to sabotaging – using the malicious programs to delete data or block operations infrastructure.

Some programs specifically Trojan was able to steal money through online banking system. The cyber criminals can hack into the company’s websites and redirect visitors to malicious sites, and this action could damage the company’s reputation. Financial loss is generally caused by DDoS attacks, which can shut down the site public utility companies for a few days. As a result, the client switched to another company and this leads to long-term financial losses.

10 Tricks Securing Your Account from Thieves

Yahoo! admitted that over 450,000 username and password users have been hacked as hacker group publication, D33Ds, who on Wednesday (11/7) last claimed responsibility for the attack. Although confirmed only less than 5 percent Data that leaked D33Dsn is valid, Yahoo! recommends users change their passwords.

In addition to changing passwords here are some tips you can consider for safe surfing in cyberspace.

1.Password Manager

The use of a password manager help you make a strong and unique passwords for various online accounts. These services also prevent you from using the same password for multiple accounts.

Because it is integrated with a web browser, a password manager will automatically save and fill website login forms and securely set up your online life. Several password manager of choice, such as: LastPass, KeePass and 1Password.

2. Secure Gmail

Not good if you have a Gmail account and use the same password with other online accounts. You need to enable Google two-step verification to ensure that no person who opened e-mail without your knowledge. These features are ensure to login to your account process into two steps. Before you can open an account, Google will send a verification code to your mobile phone to make sure whether you want to access your Gmail account. If necessary activate this feature in Google account settings.

3. Full Disk Encryption

Set up and use the full disk encryption to protect your data, especially when you’re on the way. Full disk encryption uses a mathematical technique for scrambling data so it can not be understood without the correct key. Please check here the usefulness and how to use. Windows users have access to the Microsoft BitLocker while TrueCrypt provides cross-platform compatibility at the most.

4. Switch to Google Chrome

Google Chrome so far considered the most secure browser than others. You can download the KB SSL Enforcer extension that will forced search encrypted when possible. The extension also automatically detect if a site supports SSL (TLS) and redirect search session to session encryption.

5. Secure Cloud Data Store

Get used to store contents your computer to an external hard drive or to a secure online service. Companies like Mozy, Carbonite or iDrive can be used each one to back up data from files, music, to photos.

6. Uninstall Java If not Used

Uninstall Java from your computer if it is not necessary because past two years Java vulnerabilities are always targeted by malicious hackers.

7. Adobe Reader Sandbox Technology

Adobe Reader often become main target group of skilled hackers and organized, especially for business groups. The latest version of Adobe, Adobe Reader and Acrobat X has a Protected Mode sandbox technology which serves as a major deterrent from harmful exploitation. Sandbox is a technology for secure web through isolation, without a gap that can be hacked by hackers. If are not already using, you should immediately update as soon as possible.

8. Install VPN Service

We all used to check e-mail or Facebook status update from a coffee shop or public WiFi network. It’s important to install virtual private network (VPN) to encrypt your activities and keep your personal data falling into the hands of malicious hackers. The following video explains everything you need to know about VPN and how to set it up to authenticate and encrypt your search on the web. If using a public computer, consider using a VPN application that can run with a portable USB drive.

9. Don’t Share ‘Anything’ in Social Network

Social networks like Facebook, Twitter and LinkedIn are good hunting ground for cyber criminals. Use common sense when sharing data, even when you think were in a trusted environment. Do not share any sensitive issues or excessive because your privacy is never guaranteed. Consider the safety features and try to avoid clicking on the video or a foreign link that could lead to attacks.

10. Always Update to Latest Version

Hackers rely on security vulnerabilities as the entrance to your device. It’s important to make sure your computer is always safe and allows the automatic update every existing software. Use the Windows Automatic Updates to ensure improvement of operating system always on time. Use a reliable anti-malware software and delete any that do not want to use.

How to Secure Online Transactions? Tips to Securing and Vulnerabilities

Can not be denied, the number of users online transactions each year continues to increase. Harris Interactive survey conducted in February-March 2012 said there were 57 percent of Internet users who manage bank accounts online and make online shopping. Of these, about 31 percent admitted they store data banking on the hard drive.

Therefore not surprising that banking information is very tempting targets for cyber criminals. The target was none other data such as login passwords, code validation and confirmation of transactions that they could use to fake himself as the owner of an electronic account. In addition, e-mail is also often used as one of the simplest ways to get financial information.

E-mail like this usually contains a message that entices the recipient to provide personal information or visit the official website of a particular bank. Another way is to include a link that directs consumers to third party sites that contain malicious programs. The cyber criminals can steal information from infected systems, by means similar with theft information through websites ‘official’ that they make, or make the interception of information typed through a browser. Interception can also be done directly using a keylogger.

One of the trojan that took part in a theft trick this is Trojan-Banker.MSIL.MultiPhishing.gen. This Trojan detected by Kaspersky Lab experts in January 2012 ago. This Trojan is designed to steal credentials major banks in Europe.

So, although this trojan has entered into a victim’s computer, but this trojan will not be activated immediately, but waits until the user is logged into one bank online services. How it works, the trojan will display a window that mimics the bank authorization form that is accessible, while the original windows from bank will be closed by this trojan. This Trojan can be detected by antivirus registered in England.

To protect customers from threats that exist when doing online banking, some banks apply to their own protection. For example, multiple authentication which requires customers to use two passwords. The first and second login to confirm payment or other transaction.

This can be combined with one-time password system that sent the bank to make cell phone customers every single transaction. Another way is to give a token to its customers to generate passwords on request. In addition, for the outside teller transactions, such as online banking, mobile banking, SMS banking and others, banking uses SSL secure connection that reduces risk of Data theft during transmission.

To ensure the security of your banking information – and the system you use – it takes a reliable antivirus solution with a reliable Internet security. This solution should be able to protect your computer from malicious software, network attacks and malware in e-mail traffic using traditional technology and proactive. You also need an antivirus program that can protect you while exploring the virtual world. To overcome the keylogger can intercept data to typed on your keyboard, you can use a virtual keyboard.

Safe Money Kaspersky provides technology designed to protect banks and other financial information during transactions. Some of the protection offered by this solution are:

  • Database address of bank and trusted e-payment system that can be modified by the consumer;
  • Tools to verify the identity of a server;
  • Tools to scan your computer and look for vulnerabilities that affect the security of online banking;
  • Protection of the browser creates an isolated environment for bank sites, payment systems and online stores;
  • Features that protect the Secure Keyboard Data entry with the help of a special drive and mouse-driven virtual keyboard.

Useful Security Tips from The Top IT Experts in World

Learning from mistakes makes you getting smarter. Moreover, if existing errors coming from the professionals expert.

IT professionals can get caught on tricks of cyber criminals. However, from there they can share useful lessons for all computer users. CnwinTech ask some leading IT experts about their experiences while connecting to Internet. Their experience could be valuable lessons for Internet users.

CnwinTech does not expecting get so many honest answers and some very open. Eugene Kaspersky tells how he succeeded in thwart the kidnapping of his son. Figure of open source, Richard Stallman also expressed his personal opinion about some errors in Windows operating system.

Actually, anyone can implement its own principles in securing data. However, the experience of the experts may also be a personal safety guide.

Eugene Kaspersky: Kidnapping

Click to Expand

Click to Expand

April 2011 ago while a married couple retired Russian kidnap his son, 20-year-old Ivan. To free his son, Eugene Kaspersky with police setting up a hoax. Utilizing the local media, Eugene Kaspersky maneuver distracted the kidnappers by informed that he had paid a ransom of three million Euros. Hoax was successful and further police make action to liberate Ivan without injury.

However, these events brings its own lessons to Eugene Kaspersky. The investigation revealed that the perpetrators collecting personal information from social networks and observing daily activities of potential victims. With this information, they planned criminal.

“No one knows exactly the reason they chose Ivan as a victim,” said Eugene Kaspersky in a special interview with CnwinTech. “However, I suspect because Ivan publish too much personal information on Vkontakte (Russian Facebook),” he added. With that information, kidnappers can easily find out detailed activities of Ivan, watching, and calculate the level of personal security.

With the case, Eugene Kaspersky today still feel guilty since he did not explain the dangers of using social networking and do not give advice to restrict the publication of personal data. “Do not make the same mistake. Act immediately to protect your children”, he warned. 

Thorsten Holz: Hackers who hacked

Click to Expand

Click to Expand

Cyber criminals can also be trapped. When Thorsten Holz see better control server of a network bot for research purposes, he did not believe he was seeing. Bot network administrator does not change the default password server. Thus, the researchers were able to copy and analyze the huge numbers digital loot.

“With the verification of two factors, the network must be more secure (from us)”, says Thorsten Holz. In addition to the password, the user must enter a TAN which will be received on mobile phones via SMS or TAN-apps. Login is just using your username and password hacker easier. With a trojan keylogger, hackers can read any password easily. Currently, Google and Facebook have provided two-factor login.

Mikko Hypponen: Account hijacked

Click to Expand

Click to Expand

Finnish men began a career as a creator of virus. When teenager, Mikko Hypponen make Omega virus which he said is not dangerous. However, he quickly turned toward becoming a major virus hunters at F-Secure and consultants of international security institutions.

Since the 90’s, cyber crime is a billion-dollar business and virus makers likes to targeting community. From there, Mikko Hypponen draw lessons, a program whose name is not familiar (not known) rarely get into the target criminals. “Use another program,” Mikko Hypponen advice. There are many alternatives, like Linux replacement for Windows 7, Foxit Reader replacement Acrobat Reader, or IE replacement Opera.

Bruce Schneier: Brain-Backup

Click to Expand

Click to Expand

Bruce Schneier store data in two brains. Laptop containing e-mails, contacts, and agenda, it’s easy to hijacked. “Backup in my brain,” joked Bruce Schneier. However, this is true because if your life a lot going on computer, data leakage will be more easily happen. With distributed backups across multiple storage media, data security will be more preserved. “Always make backups!” Bruce Schneier said.

Konstantin von Notz: Encrypting e-mail

Click to Expand

Click to Expand

Konstantin von Notz, one of the Green party politicians in the state of Schleswig, Holstein, Germany, fighting for security e-mail as connection between the community and board members via e-mail that encrypted and providing a free application to open it. E-mail encryption is always discussed within the community. Communication without encryption is not compatible with data protection. E-mail without encryption can be read by anyone in the network.

Jacqueline Beauchere: Choose your friends

Click to Expand

Click to Expand

Children are a favorite target of ID thieves. Jacqueline Beauchere, Microsoft security experts found several cases of ID theft on behalf of children who can make many losses. With a social insurance number, criminals get credit for shopping. Losses borne by parents of course.

Therefore, Jacqueline advises young parents to make online security an family theme. You have to explain certain restrictions, including checking list of Facebook friends on a regular basis. This must be done because the case has been common, the best friend today could be the main enemy in the next day.

Digital clean-up on a regular basis can prevent cyber-mobbing. “The end of school year or when changing schools is a good time to do it,” said Jacqueline. “Check your list of friends on social networks with your child and remove any of some can be dangerous,” she said.

Brian Krebs: Unfriendly Resources

Click to Expand

Click to Expand

Brian Krebs has learned from bad experiences. “Internet is good, but with good control as well”, said Brian. Several years ago a hacker wrote to him: “Hi Brian, look at this link”. He not only saw, but clicking on it. After that, the operating system is destroyed. For hours he tried to make computer work again.

Since then, this security experts separate work environment from external communication. “You never know who sent people through Internet, even by friends though. They can send malware”. Now, Brian Krebs much more cautious. “I only install programs that I know and I really want,” added Brian.

Joanna Rutkowska: Secure System

Click to Expand

Click to Expand

Overcoming the problem at its root is the principle of Joanna Rutkowska. For her, a computer security should start from hardware. “During this operating system uses too few hardware technologies that can further improve computer security,” she said.

This Polish security researcher has argued like that because with their team Invisible Things Lab, she has been working on open-source operating system QubesOS extremely secure. Therefore, Joanna Rutkowska does not offer a general security solutions are sold, but with the right answer to the question. For example, how to surfing every day in cyberspace safely?

Thus, you should try to own and use a variety of tools for different tasks. “I use the iPad for surfing and computers backed up to work,” says Joanna. However, it is no longer required when using QubesOS. “Maybe a few more years I can tell you, for those who want a secure computer, you only need to use QubesOS” added Joanna little promotion.

Richard Stallman: Windows spy

Click to Expand

Click to Expand

He is a tireless fighter for freeware applications. Not only that, he did not consider himself to security experts, but he relentlessly warn people about the dangers of computer. “For me the best example is Windows because it has monitoring functions, digital cuffs for user files, and security holes,” said Stallman warned. Therefore, he recommends using freeware software which no longer free to spy on users.

Stephen Pao: Dealing with errant staff

Click to Expand

Click to Expand

Each time Stephen Pao hiring a new employee, co-founder of Barracuda Networks WLAN is always keep an eye in the company. If these new employees brave to log on Facebook without HTTPS protection, hacker software Firesheep Pao’s will turn on alarm.

Furthermore, this network expert can log into a Facebook profile corresponding to view and modify various data at will. Pao just leave funny notes and warns employee with a special note that said “You already know, you work in an IT security companies? Use HTTPS!”

Without HTTPS, usually Data sent without any encryption between website and PC. In an open WLAN, it is an invitation for hackers. On Facebook, its setting option at “Account Settings | Securit | Secure Browsing“. If you have not already, please do. The same function is also offered many other web services.

Candid Wuest: innocent Flash disk

Click to Expand

Click to Expand

Due to already believed to their friends, without thinking Candid Wuest meets the friend request. However, Candid surprised by things he found in his friend flash disk? A vicious USB autorun worm that exist in flash disk. Ultimately, the worm can be active when the flash disk is inserted in a USB slot. Furthermore, the Worm can directly infect the test system’s Candid Wuest.

“I have to reinstall all the computers,” he said. An error due to lack of caution which is not easy to avoid this Symantec experts. Because not all programs recognize the security of any virus, online scan actually can help it. Virustotal.com web service instance can check files with assistance of more than 40 different virus scanner applications.

Sebastian Schreiber: outdated code

Click to Expand

Click to Expand

As request of company, Sebastian Schreiber had infiltrated into network as testers. However, he even panic when installing an application, but he forget the code. By doing a simple trick, still he did not succeed. Currently, simple tips and tricks are actually outdated. To protect your computer, you must take care with difficulty, making it vulnerable to dangers, and should be careful on Internet. Tips from Sebastian, if an expert promise a simple solution, always be skeptical because the experts themselves are not free from error.

Break Up to 450 Million Passwords per Second with Extreme GPU Bruteforcer

Extreme GPU Bruteforcer, developed by InsidePro is a program meant for the recovery of passwords from hashes of different types, utilizing the power of GPU which enables reaching truly extreme attack speed of approx 450 Millions passwords/Second .

The software supports hashes of the following types: MySQL, DES, MD4, MD5, MD5(Unix), MD5(phpBB3), MD5(WordPress), NTLM, Domain Cached Credentials, SHA-1, SHA-256, SHA-384, SHA-512 and many others.

The software implements several unique attacks, including mask and hybrid dictionary attacks, which allow recovering even the strongest passwords incredibly fast. Utilizing the power of multiple graphics cards running simultaneously (supports up to 32 GPU), the software allows reaching incredible search speeds of billions of passwords per second!

Type hashes average speed (Using NVIDIA GTS250):

  • MD5 420 000 000 n/a
  • MySQL 1.08 billion n/a
  • MD4 605 000 000 n/a
  • NTLM 557 000 000 n/a
  • SHA-1 120 000 000 n/a
  • MySQL5 66 million p/s
  • LM 49 million p/s

The Program is easy to use, to launch the program, just pass the command-line parameters like – Name of the INI file with attack settings and Name of the text file with hashes.

INI File Parameters

[Settings]
 AttackMode=1
 LastPassword=
 CurrentDevice=1
 StreamProcessors=128
 PasswordsPerThread=3000
 Base64Hashes=0
 AttackTime=0
 DeleteHashes=0
 OutputFileFormat=0
 AppendToOutputFile=1
 AppendToDictionaryFile=1
 CustomCharacterSet1=
 ; ...
 CustomCharacterSet9=
 CustomCharacterSetA=
 ; ...
 CustomCharacterSetZ=
[BruteForceAttack]
 1=?d,0,9
 2=?l?d,1,7
 3=?l?d?s?u,1,5
[MaskAttack]
 1=?u?l?l?l?l
[DictionaryAttack]
 1=DictionariesInsidePro (Mini).dic
 2=DictionariesPasswordsPro.dic
[HybridAttack]
 Dictionary=DictionariesInsidePro (Mini).dic
 1=@
 2=@?d
 3=@?d?d

The name of a text file with hashes. The format string to hash a “one line = one hash”. In the distribution of the program includes test files with examples of hashes.

Here in above screenshot you can see that a alphanumeric 7 character NTLM password cracked with the speed of 553.510 Million passwords per second, this cracking process takes a few second to get the actual hash value by bruteforce process.

In another Example a 7 character alphanumeric MD5 password cracked with speed of 423.966 million passwords per second.

The main requirement is that your video card must support the CUDA technology. By default, the program is configured to run in the extreme operating mode to recovering passwords at the highest speed possible. But if it slow down your PC, then you can decrease the load on your computer, decrease the value in the PasswordsPerThread parameter in the INI file.

Extreme GPU Brute-forcer in Action:

United States Losing War Against Hackers

FBI is struggling to combat cyberattacks by hackers. “We’re not winning,” FBI executive assistant director Shawn Henry said. Four top government cybersecurity officials have basically come out to say America is getting her hiney kicked in cyberattacks by nation state hackers.

Shawn Henry, who is getting ready to leave the bureau after more than two decades with the law enforcement agency, says the United States is falling behind in the ongoing fight against cyber ne’er-do-wells.

“Your government failed you,” testified Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House. He said that to Congress about 9/11, but now he’s warning the people that we are defenseless when it comes to cybersecurity; our government has failed us again. Clarke stated, “Every major company in the United States has already been penetrated by China.”

Who declared this war and why did they declare it? Who surrenders in these sorts of wars? Who signs the papers? Of course, there is no war. Hackers hack and they will continue to hack. Someone will always try to stop them. Let me assure you burglaries are more frequent and generally more damaging to the man on the street yet nobody has declared a war on burglary.

Then Shawn Henry, the FBI’s ‘top cyber cop,’ told the Wall Street Journal the U.S. is “not winning” the war against computer criminals. Uncle Sam needs hackers because we are, in fact, outgunned.

FBI agents are constantly finding data stolen from companies who are not even aware their networks had been hacked, he said.”We have found their data in the middle of other investigations,” Henry said. “They are shocked and, in many cases, they’ve been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.”

In its war against hackers the FBI is outnumbered, Henry said, with too many hackers around the world and too many entry points in the companies and government agencies the FBI wants to try to protect.

Over Weekend, GitHub hacked with Ruby on Rails public key vulnerability

Github, the service that many professional programmers use to store their work and collaborate on coding, was hacked over the weekend. A young Russian developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others.

When Github saw what happened, they suspended Homakov’s account, which created a firestorm of protest. A blog post entitled, Github, You Have Let Us All Down. Github has succumbed to a public key vulnerability in Ruby on Rails allowing a user administrator access to the popular Rails Git. Homakov’s actions were relatively simple – he merely uploaded his public key to the repository so Git thought he was an approved administrator of that project. This would not only entitle Homakov to commit files but he could effectively wipe the entire project and its history clean.

“The root cause of the vulnerability was a failure to properly check incoming form parameters, a problem known as the mass-assignment vulnerability,” GitHub co-founder Tom Preston-Werner wrote in a blog post.

“Two days ago he responsibly disclosed a security vulnerability to us and we worked with him to fix it in a timely fashion. Today, he found and exploited the public key form update vulnerability without responsible disclosure,” Preston-Werner said, explaining that this had meant Homakov had broken GitHub’s terms and conditions.

Github is used by a number of high-profile projects including the Linux kernel. Homakev’s actions were to exploit a well known weakness of Ruby on Rails and questions might be asked as to why Github’s administrators did not block such an attack sooner.

Moving forward, GitHub has apologized for obfuscating the how white hat hackers should disclose security vulnerabilities and set up a new help page that clearly lists how to report issues.

From Sony, Michael Jackson's entire back catalog stealed by Hackers

Entertainment giant Sony has confirmed that hackers accessed its systems and compromised Michael Jackson’s entire back catalog, including many unreleased songs. Michael Jackson’s entire back catalog has been stolen by Internet hackers.

Sony music suffered its second major security breach in a year, with thieves targeting songs and unreleased material by the superstar singer. It’s alleged they downloaded more than 50,000 music files worth $253 million in the biggest ever cyber-attack on a music company.The news comes just a year after Sony paid $395 million for the seven-year rights to the songs following Jocko’s death.

The buy-up came with a stash of unreleased tracks including duets Jacko did with the late Queen singer FreddieMercury and Black Eyed Peas star will.i.am, 36. Sony had been planning to release them on up to 10 albums, which would have netted a fortune.

It is thought that the hack occurred around the same time Sony’s PlayStation Network (PSN) was hacked in April 2011 but was not noticed at the time. It is thought that the breach was only noticed through monitoring of social networks and Michael Jackson fan sites.”Everything Sony purchased from the Michael Jackson estate was compromised,” a source told. “It caused them to check their systems and they found the breach. There was a degree of sophistication. Sony identified the weakness and plugged the gap.”

The hack has compromised the work of other artists managed by the firm, including songs by Jimi Hendrix, Paul Simon, Olly Murs, the Foo Fighters and Avril Lavigne. Two men appeared in court in the UK on Friday accused of offences in connection with the alleged security breach.James Marks, 26, and James McCormick, 25, denied charges under the Computer Misuse Act and the Copyright, Designs and Patents Act and were bailed. They are due to stand trial next January.

It’s unclear who stole the recordings, and if it was the same attackers responsible for the massive PlayStation breach which compromised the accounts of millions of Sony customers. So far, it appears as though the recordings have not been leaked to the Internet, but it’s possible that could happen unless the hacker just plans to keep them for his or her own listening enjoyment.