Anonymous hack hands WikiLeaks TWO MILLION Syrian emails

Hacktivist group Anonymous is claiming responsibility for an attack on the computer systems of the Syrian government and its evil overlord Bashar Assad thanks to which over two million emails ended up in the hands of whistle-blowing site WikiLeaks.

As of last Thursday, the site began drip-feeding sections of the ‘Syria Files’ to its selected media partners, and given there are a total of 2.4m emails from 680 separate domains going all the way back to August 2006, it could take some time.

Anonymous revealed in a press release that its Op Syria team - comprising members of Anonymous Syria, AntiSec and sometime collaborator the Peoples Liberation Front - first breached multiple domains and servers in the war-torn country back in February.

“So large was the data available to be taken, and so great was the danger of detection (especially for the members of Anonymous Syria, many of whom are ‘in country’) that the downloading of this data took several additional weeks,” the release said.

Not knowing quite what to do with the huge treasure trove of information it had snarfed, the group handed it over to WikiLeaks, the organisation it had partnered with before in the hack of private intelligence firm Stratfor.

There were no details of exactly how the attack took place but given the usual MO of Anonymous, you can expect it took advantage of some pretty obvious web application vulnerabilities.

The hacktivist group was also keen to portray itself as a force for good offline as well as on, claiming six of its members carried medical supplies across the border and that it has been helping local activists and protesters avoid surveillance efforts by the Assad regime.

Anti-government activists in Syria have been targeted by phishing campaigns and spyware for months, most recently the BlackShades Trojan which spreads via compromised Skype accounts.

Source: http://packetstormsecurity.org/news/view/21224/Anonymous-Hack-Hands-WikiLeaks-Two-Million-Syrian-Emails.html

New malware hits Middle East computers

Security researchers say they have discovered another piece of espionage malware infecting computers and targeting sensitive organizations in the Middle East.

Kaspersky Lab in Russia and Seculert in Israel said the malware on more than 800 PCs operated by critical infrastructure companies, financial institutions and government agencies has been siphoning e-mails, passwords, computer files and nearby conversations, ArsTechnica.com reported Tuesday.

The researchers have dubbed the malware Madi or Mahdi, which in Islam is synonymous with Messiah, because of several code strings and handles used by the attackers.

The discovery evoked comparisons to the Flame malware used to disrupt Iran's nuclear program, but both Kaspersky and Seculert said the malware contained amateur coding practices and relied on the gullibility of its victims, whereas Flame contained world-class cryptographic breakthroughs and other techniques that suggested state-sponsored developers.

"While we couldn't find a direct connection between the campaigns, the targeted victims of Mahdi include critical infrastructure companies, financial services and government embassies, which are all located in Iran, Israel and several other Middle Eastern countries," Seculert said. "It is still unclear whether this is a state-sponsored attack or not."

Madi can log keystrokes, capture screenshots and steal any messages sent to or from a variety of widely used services, including Gmail, Hotmail, Yahoo! Mail, Skype or ICQ, the researchers said.

Reference: Link

Cyber warfare: Fear of system failure

The discovery of Flame and Stuxnet leaves security experts concerned there are similar malicious software attacks already underway that their systems cannot detect.

It’s rare to hear someone admit to failure. Even rarer to admit that their company and the entire industry it represents is guilty of a “spectacular failure”. But that is just what Mikko Hypponen, “cyber-security Jedi” and chief research officer at anti-virus firm F-Secure, did recently.

In a candid article for Wired published at the start of June, he admitted that the antivirus industry had been caught with its trousers down by what has been described by some as the most complex piece of malicious software ever created.

Known as Flame, the software is an example of a “spyware” infection, designed surreptitiously to record and transmit a record of actions taking place on a compromised system – from video and audio to the individual strokes of a keyboard – as well as offering access to sensitive and supposedly private information.

More striking than these capabilities, however, are two crucial factors: the sophistication of Flame’s targeting, and its ability to evade detection. Flame’s targets were almost certainly a handful of computers operating sensitive aspects of nuclear programs in the Middle East. And, as soon became apparent after its discovery, it had been spreading across the world towards these machines for over two years, undetected.  Until its purpose was due to be served, one of the most important pieces of malicious code in existence had to all intents and purposes been invisible.

All of which marks out Flame as a tool not of mere criminality, but of cyber-espionage: one developed by a state-sponsored intelligence program with the intent of gathering technical information of the most sensitive kind. Hence Hyponnen’s remarkably frank assessment: “We really should have been able to do better. But we didn’t. We were out of our league, in our own game.”

Sophisticated scams

Cyber-crime used to feel, if not like a game with rules, then at least like an arena of knowable motivations. Thanks to the internet, every petty criminal in the world suddenly had access to your front garden (metaphorically speaking) and would muster as much cunning as possible to break into your house – or at least your bank account.

Just a day after Iran had announced the discovery of Flame, I was speaking at the Thinking Digital conference in northeast England, where I listened to Hypponen outline one of the more ingenious of such scams. Once infected by the malware in question, your computer produces an official-looking message on startup claiming to be from the FBI.

It has been detected, the message says, that your hard drive contains a treasure trove of illicit materials, incriminating you in everything from terrorism to child pornography. Your entire system has been frozen, leaving you only two options: either click here to take the claim to “court” (a bogus dead end); or pay an instant fine to unlock your system. Some users, Hypponen went on to explain, actually paid the fine even though they knew it was a scam – because they couldn’t face the potential humiliation and suspicion of explaining what was going on.

Such attacks can be destructive, disturbing and costly. Yet it is, at least, clear what’s going on once you see behind the deceiving veil: what the scammers want (money); how they aim to get it; and what your recourses may be (download a fix; contact the police or civilian digital security experts). Even when it effectively entails taking your computer hostage, financial gain remains a comprehensible motive.

Raising alarms

What, though, is to be done when the actors involved are states themselves; or digital aggressors acting with the resources of a state behind them? Shrouded by plausible deniability on all sides, it’s increasingly clear that a kind of silent war is beginning online: one whose battles even the experts may only recognize after they’ve been fought, and whose potential targets encompass almost every system or service plugged into a computer.

References: Link1

Anonymous plan to recreate iconic V for Vendetta scene on November 5

Hacking collective Anonymous have announced plans to recreate the iconic scene from James McTeigue’s “V for Vendetta” in which an army descends on Parliament wearing Guy Fawkes masks and black cloaks.

On November 5, so-called Operation Vendetta, hopes to see thousands of Anonymous members gather in Parliament Square to show the government that if freedom is infringed upon there will be 'revolution'. The Facebook event already has 2,500 RSVPs for the event and says that the group will be providing buses from all across the country. 

The group have explained that:

"The 5th of November is a reminder to the government that if they push too far, REVOLUTION is inevitable,” wrote the group on Facebook. “More than 400 years ago a great citizen [Guy Fawkes] wished to invent the 5th of November forever in our memory, his hope was to remind the world that fairness, justice and freedom are more than words, they are perspectives.”

Hacker Attack Email Account Kareena Kapoor, Ekta Kapoor, Arbaaz Khan and Sajid Khan

There is nothing new when celebrities’ email accounts get hacked! For virtually every month, celebrities make headlines when hackers spy on their email accounts, misuse it and leak their personal details. So when Sajid Khan hit headlines when his account was compromised, we were shocked! Initially, he didn’t pay much attention to it because he thought he wasn’t interested in email and social networking websites. But when his friends started calling him up, he realized how serious the problem had become. The hacker used his account to send mails to actresses asking them for their high-res nude pictures!

This isn’t the first time that we have heard of such an instance. In the past too celebrities like Ekta Kapoor, Meghna Naidu, Ali Merchant, Arbaaz Khan have faced similar problems. But what’s disturbing is the spurt in the number of such incidents! For it shows how ridiculously simple it is to break into their emails and extremely difficult to catch hold of culprits.

Here’s a list of celebrities who are having a bad time dealing with the menace of leaked personal details:

Meghna Naidu: She filed a police complaint saying that her email id has been hacked. The hacker was trying to malign her image by writing obscene mails to her friends. She said, “The hacker used my gmail account to chat with my friends and even said that I am pregnant and wanted to go for an abortion. The fraud wrote all such obscene things about me.”

Ekta Kapoor: Her email account too got hacked and the hackers sent false messages to her friends through her mail. An insider revealed that Ekta came to know that her email was hacked when she started receiving phone calls from her friends. They said that they received email from her where they have been asked to pay Rs 11,000 if they wished to get audition for her shows. On hearing this, she was shocked.

Arbaaz Khan: “My email account has been hacked for the 2nd time in 7 days. I’m gonna file a complaint with the cyber cell as its a unlawful act,” Arbaaz submited on the microblogging site Twitter. “Hackers don’t look to realise that such an offense can land them in lockup. The act carries a 3 year lockup term. Surprise if all this is worth it,” he added.

Kareena Kapoor: On returning from Morocco with beau Saif Ali Khan, after completing the schedule of “Agent Vinod”, Kareena Kapoor was shocked to find how her personal e-mail id had been hacked into. “When she returned to India, the first thing she wanted to do was check her e-mails. But she couldn’t log into her account despite several attempts. That’s when she realised that her e-mail account had been hacked into. Kareena is really upset because this happens to be one of her oldest e-mail accounts,” a source said!