Hackers Attack Bank of America Over Anti-Islam Film

Hackers Attack Bank of America Over Anti-Islam Film

A United States bank had its website targeted by hackers Tuesday in revenge for the obscure amateur video that mocked Islam's Prophet Mohammed. Visitors to the U.S.-based Bank of America website were temporarily unable to perform transactions as a result of the attack.

The hackers, who called themselves “Cyber fighters of Izz ad-din Al qassam” appeared not to be U.S.-born, or at least, seemed to post in English as a second – or third – language. They added in the jihadist statement posted on the Pastebin.com website that the attack was the “first step” in a larger plan to target property owned by “American Zionist capitalists.”

The cyber terror group also threatened to continue attacks until the “erasing of that nasty movie” – presumably the obscure amateur video clip mocking the life of Islam's Prophet Mohammed – that ignited worldwide violence. Rioters in Muslim-populated countries attacked U.S. embassies and consulates, as well as diplomatic missions from the UK and Germany. The film was used as the excuse to savagely carry out the murders of an American ambassador to Libya, three other American diplomats and two U.S. Marines, as well as 28 others.

The group blamed production of the film, "Innocence of Muslims," on the "United States of America with the held of Zionist Regime."

The post, made sometime Tuesday, read as follows:

My soul is devoted to you Dear Prophet of Allah
Dear Muslim youths, Muslims Nations and are noblemen
When Arab nations rose against their corrupt regimes (those who support Zionist regime) at the other hand when, Crucify infidels are terrified and they are no more supporting human rights. United States of America with the help of Zionist Regime made a Sacrilegious movie insulting all the religions not only Islam.

All the Muslims worldwide must unify and Stand against the action, Muslims must do whatever is necessary to stop spreading this movie. We will attack them for this insult with all we have.

All the Muslim youths who are active in the Cyber world will attack to American and Zionist Web bases as much as needed such that they say that they are sorry about that insult.

We, Cyber fighters of Izz ad-din Al qassam will attack the Bank of America and New York Stock Exchange for the first step. These Targets are properties of American-Zionist Capitalists. This attack will be started today at 2 pm. GMT. This attack will continue till the Erasing of that nasty movie. Beware this attack can vary in type.

Down with modern infidels.
Allah is the Greatest. Allah is the Greatest.

Charlie Hebdo Website Hacked over Prophet Mohammed Cartoons

The website of French satirical magazine Charlie Hebdo is under attack by hackers, after the paper published cartoons caricaturing the Prophet Mohammed.

A spokesperson form the magazine said hackers have been blocking access to the site since 5am and the attack is still ongoing.

A spokesperson for Charlie Hebdo told IBTimes UK that the magazine's staff have received several messages condemning the editorial decision to print cartoons featuring Mohammed. However no-one has claimed responsibility for the cyber-attack yet.

Anti-riot police has been sent to patrol the Paris offices of the magazine.

Provocative

The weekly edition of the satirical magazine features a cartoon of an imam on a wheelchair pushed by a rabbi, accompanied by the words "Untouchables 2: do not laugh!" as well as two cartoons depicting the Prophet naked in provocative positions.

The publication comes following a wave of violent protests in Muslim countries, triggered by the anti-Islamic movie Innocence of Muslims.

According to the Muslim faith, it offensive to depict Muhammad in any manner. However Charlie Hebdo's editor Stephane Charbonnier said the cartoons would "shock those who will want to be shocked," and claimed the right to freedom of expression.

"The freedom of the press, is that a provocation? I'm not asking strict Muslims to read Charlie Hebdo, just like I wouldn't go to a mosque to listen to speeches that go against everything I believe.

"If we start to question whether we have the right to draw Muhammad or not, if that is a dangerous thing to do or not, the next question is going to be: can we depict Muslims in the newspaper? And then: can we represent human beings in the newspaper?"

Reaction

Dalil Boubakeur, the senior cleric at Paris's biggest mosque, condemned the publication but called for the French Muslim community to keep calm and ignore the publication.

"It is with astonishment, sadness and concern that I have learned that this publication is risking increasing the current outrage across the Muslim world. I would appeal to them not to pour oil on the fire," he said.

France's Muslim Council also appealed for calm: "We urge French Muslims not to yield to the taunt."

French Foreign minister Laurent Fabius said he disapproved Charlie Hebdo's editorial decision.

"I am against all kind of provocations, especially in a sensitive time like the present," he said.

Last year Charlie Hebdo's headquarters in Rue Serpollet was fire-bombed after the magazine's decision to rename a special edition, featuring a cartoon of Mohammed, Charia Hebdo and list the Prophet as the editor-in-chief.

The magazine's website was also hacked in last year's attack.

Virgin Mobile USA online subscriber accounts can be easily hacked, developer says

September 18, 2012 — IDG News Service — The online accounts of Virgin Mobile USA subscribers are vulnerable to brute force attacks because the company forces customers to use weak passwords on its website, according to a software developer.

"Virgin Mobile forces you to use your phone number as your username, and a 6-digit number as your password," Kevin Burke, a software engineer at cloud communication company Twilio said Monday in a blog post. "This means that there are only one million possible passwords you can choose."

"This is horribly insecure," Burke said. "Compare a 6-digit number with a randomly generated 8-letter password containing upper-case letters, lower-case letters, and digits - the latter has 218,340,105,584,896 possible combinations."

Burke claims that he wrote a program which can determine the PIN number for any Virgin Mobile USA online account in less than a day, as long as the target's phone number is known, and which he successfully tested against his own account.

Once inside a Virgin Mobile online account, an attacker can read the account owner's call and SMS logs, change the handset associated with the account, change the email address and the mailing address, purchase a new handset with the credit card information on record and more, Burke said.

Burke claims that he notified Virgin Mobile USA and its parent company, Sprint Nextel, of the security issue on August 15 and he was initially told that the matter will be looked into. However, on September 14, in response to a request for a status update, a Sprint representative said that no further action will be taken by Virgin Mobile, Burke said.

It seems that Virgin Mobile USA does have some protection mechanism against brute force attacks built into its website. However, according to Burke, that protection is poorly implemented.

"Some people are mentioning they freeze you out after 4 invalid login attempts," Burke said Tuesday via email. "However you can get around this limitation by a) clearing your cookies, or b) not using a web browser like Google Chrome or Firefox to try the login attempts."

"I tried 100 bad logins in a row, followed by my good login, without getting locked out last night," the developer said. "An attacker could do the same."

When choosing their PIN on the Virgin Mobile website, customers are asked not to use more than 3 identical digits in a row -- for example 2222 -- and no more than 3 sequential numbers -- for example 2345. This is probably intended to make PINs more random and harder to guess.

Ironically, this actually decreases the number of variants that an attacker has to try in order to determine a PIN number when using a brute force attack.

"Practically speaking there's not much difference between 900K [thousands] possible combinations and a million combinations," Burke said. "It adds a little bit of time but what's an extra few minutes to a computer."

"They [Virgin Mobile USA] should allow people to use any character in their passwords, and probably set a *minimum* of 6 characters in a password," Burke said. "As I pointed out in the blog post, an 8 character password with 62 possibilities for each character has 218 trillion possible different combinations, making it impractical to brute force during our lifetime."

Virgin Mobile USA did not return a request for comment.

  

Nigeria: Terrorists Hack Into DHQ, Navy Websites

Abuja — Chief of Defence Staff, Air Chief Marshal Oluseyi Petinrin, raised alarm, Tuesday, that the Defence Headquarters' website and that of the Nigerian Navy had been hacked into by terrorists, adding that the threat posed by the Boko Haram sect, through online reports of their activities needed to be effectively checked.

Petinrin raised the alarm just as the Chief of Defence Communications, Air Vice Marshal Osmond Amu warned that if cyber crime was not checked, "the security challenges the country is currently facing, such as killings, bombs by Boko Haram, kidnapping, pipeline vandalism, oil theft, corruption and so on, which had kept the armed forces and other security agencies on their toes, would be nothing compared to the potential threats inherent in cyber space."

Speaking in Abuja, at the opening of the World Cyber Conference, the CDS, who was represented by Major-General K. Amao, Chief of Research and Development, DHQ, said to checkmate hacking into the websites of security agencies, "DHQ has achieved successes in the deployment of Information and Communication Technology, ICT, surveillance and tracking equipment to locate criminal elements in our society and perpetrators of the Boko Haram menace.

"However, further successes would be achieved if we appropriately apply cyber technology and space researches to tackle the country's contemporary security problems."

Declaring that it was no longer news that Nigeria has been making moves towards the actualisation of a cashless economy, the CDS said: "Before the pronouncement of the cashless policy, cyber attacks had been a major threat to the Nigerian economy. The threat to the Nigerian cashless policy can, therefore, never be overlooked.

"While the country's apex bank, CBN, backs this policy, commercial banks over the last few months have also keyed into the initiative.

"Cyber attacks may stand out as a stumbling block or threat to the actualisation of this project, except concrete measures are put in place to counter such attacks."

On his part, AVM Amu said: "The armed forces and other security agencies are by themselves incapable of containing the physical security challenges, hence the call for collective participation. Same applies to the containment of cyber threat, but with a higher universal involvement."

In her message, Minister of State for Defence, Erelu Olusola Obada, said the prevalence of cyber crime is a worrisome development as Nigeria becomes more reliant on ICT.

Source: Click to View

Private BitTorrent Tracker Hacked, Passwords Leaked By Afghani Hackers

Private BitTorrent Tracker Hacked, Passwords Leaked By Afghani Hackers

Hackers generally view BitTorrent trackers as friendly entities. Members of Anonymous are constantly extolling the virtues of The Pirate Bay and other trackers. Some hackers, however, are proving to be not as friendly.

It was revealed this morning that RevolutionTT, a private BitTorrent tracker, had been hacked. A group simply calling themselves “Afghanistan Hackers” uploaded a text file containing 19,000 username/password combinations for the exclusive torrent tracker. They encourage people to log in to private accounts, change the password, and enjoy the site for themselves.

TorrentFreak reports that the information leaked in the document is real. People have been using the username/password combinations to log into paid accounts. From there, people began to send fraudulent emails from the hacked accounts, or began looking to see if the same usernames or passwords had been used on other sites.

It’s already strange to see a torrent tracker get hacked, but the response has been even stranger. The admins at RevolutionTT are claiming they were not hacked. They have even started to ban members who are asking legitimate questions about the hack.

Regardless, old and current members of RevolutionTT are encouraged to change their passwords now. These kind of attacks can have ripple effects across the Internet. A victim on one site can find that all of their accounts across the Internet have been hacked simply because they used the same password across all of them.

There is a sliver of good news in all of this. The data leaked by the hackers may be an old dataset. Some of the usernames/passwords combinations work, but others do not. The hackers say they will release more information in the next few weeks though. The next batch could be more recent datasets that could cause even more harm.

A hack of this level is nothing new. It’s unfortunate, but it’s the kind of world we live in now. The significance of this particular attack shows that nothing is sacred. Hackers aren’t drawing lines anymore, and they will attack anything that has the potential for profit or chaos. The group here has obviously obtained the latter, and they may just obtain the former if the information from RevolutionTT proves to be useful.