Archive | 2010

India Central Bureau of Investigation (CBI) Site Still Down



There has been quite a lot of chatter online about this case. Politically there are long-standing disputes between India and Pakistan, and naturally these also extend to online wars, which inevitably end in defacement.

The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau of Investigation in India – http://cbi.nic.in/.

Almost 4 days after the defacement, the site still appears to be down.

Close to four days after the site of India’s key investigation agency, the Central Bureau of Investigation (CBI), was hacked and defaced, the web site is still inaccessible to users.

The CBI is doing a thorough security audit, and plugging all holes to prevent another hack, Vinita Thakur, a spokeswoman said on Tuesday. She didn’t say when that would be complete, and the site restored.

The web site of the CBI was hacked and defaced on Friday night. The hackers calling themselves the “Pakistani Cyber Army” left a message saying that the attack was in revenge for similar Indian attacks on Pakistani sites.

The CBI’s IT systems were not compromised by the hack, as the web site and the CBI’s computer systems are separate, Thakur said.

They say they are doing a thorough audit and they are going to plug all the holes, but in reality – we know that’s not true because it’s not possible. They both seem to be stuck in a catch 22 situation as both the Indian and Pakistani sides continue with revenge attacks for the previous defacement.

Almost immediately after this attack the Indian Cyber Army executed another hack and deface job to retaliate. And well, whatever happens after this – it’s not going to be pretty for either side.


The information that the hackers had access to was public information, she added.

The border dispute between India and Pakistan over Kashmir has often spilled online, with both sides attempting to hack each other’s web sites.

The web site of Pakistan’s Oil & Gas Regulatory Authority was hacked on Saturday by a group called “Indian Cyber Army” in retaliation for the CBI web site hack, according to media reports from Pakistan.

The web site which displayed the message “This Account has been suspended” late Saturday, has since been restored.

The Pakistani site that was attacked is back up and accessible to the public again, but as of now I’m still seeing some database access error messages in the sidebar and at the top of the page – http://www.ogra.org.pk/.

My guess would be that this is not going to stop any time soon.

Source: Network World


Posted in: General News



LFIMAP – Scan For Files Vulnerable To LFI (Local File Inclusion)



There are some existing tools that deal with LFI vulnerabilities, such as fimap, the Remote & Local File Inclusion (RFI/LFI) Scanner, and inspathx, a Tool For Finding Path Disclosure Vulnerabilities (which can lead to the discovery of LFI).

A new simple tool was released recently which focuses purely on LFI attacks.

Functions

  • Automatically find the root of the file system
  • Detect default files outside of the web folder
  • Attempts to detect passwords inside the files
  • Supports basic authentication
  • Can use null byte to bypass some controls
  • Writes a report of the scan to a file

You can download LFIMAP 1.4.3 here:

lfimap-1.4.3.tar.gz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools, Web Hacking



Cloud Computing Use By Criminals Increasing



Over the last couple of years Cloud Computing has started gaining some real leverage: it’s being deployed on a wide scale, it’s becoming more affordable and the platforms supplying such services are becoming more stable.

Of course the natural progression of this wider adoption is the focus of the security community and naturally the bad guys too.

There are already tools/services that will rate your Cloud Security and there have been demonstrations of Password Cracking using Cloud Platforms.

Legitimate businesses may well be turning to the Cloud in increasing numbers, but so too are illegitimate businesses, according to the Minister for Home Affairs and Justice, Brendan O’Connor.

In a speech, given at the International Association of Privacy Professionals Annual Conference in Sydney, O’Connor said cyber criminals were increasingly exploiting the Cloud to achieve their own aims.

“Cyber criminals can not only steal data from Clouds, they can also hide data in Clouds,” he said. “Rogue Cloud service providers based in countries with lax cybercrime laws can provide confidential hosting and data storage services, which facilitates the storage and distribution of criminal data, avoiding detection by law enforcement agencies.” By way of example, O’Connor said cyber criminals could use the Cloud to secretly store and distribute child abuse material for commercial purposes.

“Cyber criminals can control servers in Clouds, denying legitimate users access to websites and targeting websites with repeated messages or images,” he said. “There have also been suggestions that Clouds can be used as launching pads for new attacks, such as trying all possible password combinations to break into encrypted data.”

According to O’Connor, the late 2009 attack on Google and several other companies was a reminder of how vulnerable systems and data were.

The whole Cloud model is a boon for cyber-criminals as they can effectively rent as much computing power and storage space as they need with stolen credit card details. They can keep it private if they want, and it’s distributed virtually ‘bullet-proof’ hosting.

I’m sure it’s something which will become more prevalent and I’m pretty sure it’s something which the authorities will start looking into soon. The one thing that will get everyone hot and bothered is if it’s discovered that a Cloud Platform is being used for any form of terrorism.


In order to mitigate the risks posed by cyber security, increased transparency and confidence building between Cloud service providers, businesses and government agencies was required, O’Connor said.

For its part, the government was seeking to achieve this through Australian Federal Police’s (AFP) High Tech Crime Unit, a child exploitation tracking system developed by CrimTrac, and thought leadership from the Australian Government Information Management Office (AGIMO).

“AGIMO has consulted widely across government, and is currently investigating a number of issues, including: the vulnerability of offshore data storage; the extra-territorial legal issues around compliance and privacy; and, the contractual arrangements necessary to achieve appropriate levels of security,” O’Connor said.

“Because Cloud service providers aren’t interchangeable, the difficulties inherent in swapping providers will also need to be considered, along with the ability to retrieve information in the event of a disaster or vendor failure.”

In addition, there may also be increased security or privacy risks for governments if a Cloud had unrelated customers sharing hardware and software resources, with the concentration of resources and data in one place providing an attractive target for cyber-criminals.

As with any new platform it needs to mature and it needs some kind of legislation to crack down on illegal activities plus laws to deal with privacy, data segregation and so on.

It’s certainly an area which has sparked some interest and I’m sure we’ll all be watching it closely. I do deal with some large scale web deployments that need high-availability/clustered/cloud platform components so I’m pretty sure some of you do too.

Source: Network World


Posted in: General Hacking, Web Hacking



Armitage – Cyber Attack Management & GUI For Metasploit



Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don’t use Metasploit every day. If you want to learn Metasploit and grow into the advanced features, Armitage can help you.

Armitage organizes Metasploit’s capabilities around the hacking process. There are features for discovery, access, post-exploitation, and maneuver.

For discovery, Armitage exposes several of Metasploit’s host management features. You can import hosts and launch scans to populate a database of targets. Armitage also visualizes the database of targets–you’ll always know which hosts you’re working with and where you have sessions.

Armitage assists with remote exploitation–providing features to automatically recommend exploits and even run active checks so you know which exploits will work. If these options fail, you can use the Hail Mary approach and unleash db_autopwn against your target database.

For those of you who are hacking post-2003, Armitage exposes the client-side features of Metasploit. You can launch browser exploits, generate malicious files, and create Meterpreter executables.

Once you’re in, Armitage provides several post-exploitation tools built on the capabilities of the Meterpreter agent. With the click of a menu you will escalate your privileges, dump password hashes to a local credentials database, browse the file system like you’re local, and launch command shells.

Finally, Armitage aids the process of setting up pivots, a capability that lets you use compromised hosts as a platform for attacking other hosts and further investigating the target network. Armitage also exposes Metasploit’s SOCKS proxy module which allows external tools to take advantage of these pivots. With these tools, you can further explore and maneuver through the network.

If you want to learn more about Metasploit there are also some great resources here:

Learn to use Metasploit – Tutorials, Docs & Videos

Requirements

To use Armitage, you need the following:

  • Linux or Windows
  • Java 1.6+
  • Metasploit Framework 3.5+
  • A configured database. Make sure you know the username, password, and host.

Armitage Changelog

You can download Armitage here:

Windows – armitage112510.zip
Linux – armitage112510.tgz

Or read more here.


Posted in: Exploits/Vulnerabilities, Hacking Tools



Windows Vista & Windows 7 Kernel Bug Can Bypass UAC



Now this is not the first time Windows UAC has hit the news for being flawed. Back in February 2009 it was discovered that Windows 7 UAC Vulnerable – User Mode Program Can Disable User Access Control, and after that in November 2009 it was demonstrated that Windows 7 UAC (User Access Control) Ineffective Against Malware.

A zero-day for Windows 7 back in July of this year also bypassed Windows UAC.

Once again a serious zero-day has hit Windows, this time an unpatched vulnerability in the Kernel. So far it only seems to be a local exploit; for full devastating effect hackers will need to combine this with a remote zero-day to get access to the machine and then elevate their permissions and bypass UAC with this.

Microsoft is investigating reports of an unpatched vulnerability in the Windows kernel that could be used by attackers to sidestep an important operating system security measure.

One security firm dubbed the bug a potential “nightmare,” but Microsoft downplayed the threat by reminding users that hackers would need a second exploit to launch remote attacks.

The exploit was disclosed Wednesday — the same day proof-of-concept code went public — and lets attackers bypass the User Account Control (UAC) feature in Windows Vista and Windows 7. UAC, which was frequently panned when Vista debuted in 2007, displays prompts that users must read and react to. It was designed to make silent malware installation impossible, or at least more difficult.

“Microsoft is aware of the public posting of details of an elevation of privilege vulnerability that may reside in the Windows kernel,” said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail. “We will continue to investigate the issue and, when done, we will take appropriate action.”

The bug is in the “win32k.sys” file, a part of the kernel, and exists in all versions of Windows, including XP, Vista, Server 2003, Windows 7 and Server 2008, said Sophos researcher Chet Wisniewski in a Thursday blog post.

Microsoft is aware of the flaw but has not yet issued a statement as to when they will be patching this. I’d imagine given their past that they will wait for the next Patch Tuesday before pushing the patch out. Plus, given the fact it’s a kernel bug, it may take a little more time to fix.

The security companies seem to be taking this one quite seriously as the publicly-released code is confirmed working across multiple versions of Windows.

There is a very slight chance that Microsoft might push an out-of-band patch for this, but I find it unlikely as it’s not a remote vulnerability.


Several security companies, including Sophos and Vupen, have confirmed the vulnerability and reported that the publicly-released attack code works on systems running Vista, Windows 7 and Server 2008.

Hackers cannot use the exploit to remotely compromise a PC, however, as it requires local access, a fact that Microsoft stressed. “Because this is a local elevation-of-privilege issue, it requires attackers to be already able to execute code on a targeted machine,” said Bryant.

“On its own, this bug does not allow remote code execution, but does enable non-administrator accounts to execute code as if they were an administrator,” added Wisniewski.

Although many Windows XP users, especially consumers and those in very small businesses, run the OS via administrator accounts, Microsoft added UAC to Vista and later operating systems as one way to limit user privileges, and thus malware’s access to the PC.

Attackers would have to combine the exploit with other malicious code that takes advantage of another vulnerability on the machine — not necessarily one in Windows, but in any commonly-installed application, such as Adobe Reader, for example — to hijack a PC and bypass UAC.

“This exploit allows malware that has already been dropped on the system to bypass [UAC] and get the full control of the system,” said Prevx researcher Marco Giuliani in an entry on that security company’s blog Thursday.

Prevx reported the vulnerability to Microsoft earlier in the week.

Microsoft has changed the way UAC functions before when it was demonstrated that it could be easily bypassed. The next patch cycle is due on Tuesday, Dec. 14 – which thankfully isn’t too long. I’d be expecting a kernel patch for this issue by then.

There is more info about the issue here:

Sophos – New Windows zero-day flaw bypasses UAC
Prevx – Windows 0-day exploit: Q&A session

Source: Network World


Posted in: Exploits/Vulnerabilities, Windows Hacking



BlackSheep – Detect Users Of FireSheep On The Network



As you surely know, things blew up recently at Toorcon 12 with the release of the much talked about Firefox plugin called Firesheep.

There were various discussions about how to mitigate against it like using Firefox plug-ins to force SSL connections (where available). Microsoft also tried to secure Hotmail with SSL but kinda b0rked that too.

For the 1 person in the World left that doesn’t know, Firesheep allowed any user to seamlessly hijack the web session of another user on the same local network. Although such attacks are not new, the ease of use presented by Firesheep brought session hijacking to the masses.

BlackSheep, also a Firefox plugin, is designed to combat Firesheep. BlackSheep does this by dropping ‘fake’ session ID information on the wire and then monitoring traffic to see if it has been hijacked. While Firesheep is largely passive, once it identifies session information for a targeted domain, it then makes a subsequent request to that same domain, using the hijacked session information in order to obtain the name of the hijacked user along with an image of the person, if available. It is this request that BlackSheep identifies in order to detect the presence of Firesheep on the network. When identified, the user will receive the following warning message:


BlackSheep - Detect FireSheep

It should be noted that Firesheep and BlackSheep cannot be installed on the same Firefox instance as they share much of the same code base. If you want to run both Firesheep and BlackSheep on the same machine, they should be installed in separate Firefox profiles.
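The detection idea described above, sketched as an added example (this is not BlackSheep's code): a monitor plants a decoy session cookie and raises an alert when the same value is replayed from another source address. The class and function names, the `session_id` cookie name, the `.example` hosts and the sample traffic are all constructed for illustration.

```python
"""Decoy-session detection sketch. Added example; names and traffic are constructed."""
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class HttpRequest:
    """One observed plaintext HTTP request, reduced to the fields the check needs."""
    src_ip: str
    host: str
    cookies: dict = field(default_factory=dict)


class DecoySessionMonitor:
    """Plants fake session cookies and flags anyone else who replays them."""

    def __init__(self, own_ip):
        self.own_ip = own_ip
        self._decoys = {}       # (host, cookie name) -> decoy value we sent
        self._reported = set()  # (src_ip, host) pairs already alerted on

    def plant(self, host, cookie_name="session_id"):
        """Create a random decoy value and return the bait request to send."""
        value = secrets.token_hex(16)  # unguessable, so a match implies sniffing
        self._decoys[(host.lower(), cookie_name)] = value
        return HttpRequest(self.own_ip, host, {cookie_name: value})

    def inspect(self, req):
        """Return an alert dict if req replays a decoy from another host, else None."""
        if req.src_ip == self.own_ip:
            return None  # our own bait request going out
        host = req.host.lower()
        for name, value in req.cookies.items():
            if self._decoys.get((host, name)) == value:
                key = (req.src_ip, host)
                if key in self._reported:
                    return None  # one alert per source and domain is enough
                self._reported.add(key)
                return {"src_ip": req.src_ip, "host": host, "cookie": name}
        return None

    def scan(self, requests):
        """Run inspect() over a sequence of requests and collect the alerts."""
        return [alert for alert in map(self.inspect, requests) if alert]


def demo():
    """Constructed traffic: bait, an unrelated user, and a replay of the decoy."""
    monitor = DecoySessionMonitor(own_ip="192.0.2.10")
    bait = monitor.plant("social.example")
    decoy = bait.cookies["session_id"]
    traffic = [
        bait,
        # Another user with their own session value: must not alert.
        HttpRequest("192.0.2.23", "social.example",
                    {"session_id": secrets.token_hex(16)}),
        # The decoy value coming back from a different address: alert.
        HttpRequest("192.0.2.77", "social.example", {"session_id": decoy}),
        # Same source replaying again: suppressed as a duplicate.
        HttpRequest("192.0.2.77", "social.example", {"session_id": decoy}),
        # Decoy value sent to a domain it was never planted for: ignored.
        HttpRequest("192.0.2.23", "other.example", {"session_id": decoy}),
    ]
    return monitor.scan(traffic)


if __name__ == "__main__":
    for alert in demo():
        print("decoy session replayed:", alert)
```

The source address in an alert identifies where the replay came from on the local segment only; behind NAT or with a spoofed address it points at the wrong machine.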

Requirements

In order to install BlackSheep, you need:

  • Mac OS X: 10.5 or newer on an Intel processor.
  • Windows: XP or newer. Install Winpcap first!
  • Firefox: 3.5 or newer. 32-bit only.
  • Linux: details here

You can download BlackSheep here:

blacksheep-latest.xpi

Or read more here.


Posted in: Countermeasures, Forensics, Network Hacking, Security Software



SHA-1 Password Hashes Cracked Using Amazon EC2 GPU Cloud



It’s not the first time someone has pulled this off; back in November 2009 we wrote about Using Cloud Computing To Crack Passwords – Amazon’s EC2.

Add that with a story way back from 2007 – Graphics Cards – The Next Big Thing for Password Cracking? – and you’ve got yourself an interesting combo with the new offering from Amazon, distributed GPU-based resources.

Put those two stories together in true hacker style and you end up with a guy who used GPU instances on the Amazon EC2 platform to crack SHA-1 password hashes.

A German security enthusiast has used rented computing resources to crack a secure hashing algorithm (SHA-1) password.

Thomas Roth used a GPU-based rentable computer resource to run a brute force attack to crack SHA1 hashes. Encryption experts warned for at least five years SHA-1 could no longer be considered secure so what’s noteworthy about Roth’s project is not what he did or the approach he used, which was essentially based on trying every possible combination until he found a hit, but the technology he used.

What used to be the stuff of distributed computing projects with worldwide participants that took many months to bear fruit can now be done by a lone individual in minutes and using rentable resources that cost the same price as a morning coffee to carry out the trick. Roth’s proof-of-concept exercise cost just $2. This was the amount needed to hire a bank of powerful graphics processing units to carry out the required number-crunching using the Cuda-Multiforcer.

SHA-1 was of course cracked way back in 2005, and widely reported on in 2007 – and whilst being phased out it is still used in many applications.

But then this attack isn’t really using any flaws in the algorithm – it’s just straight up hash cracking it.

The tool he used was CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer.


SHA-1, although it is in the process of being phased out, still forms a component of various widely-used security applications, including Secure Sockets Layer, Transport Layer Security and S/MIME protocols. Roth claims to have cracked all the hashes from a 160-bit SHA-1 hash with a password of between 1 and 6 characters in around 49 minutes. The process would create a rainbow table, allowing short and therefore automatically insecure passwords to be matched to their hash. It wouldn’t work for longer length passwords. Even so, the bigger point that rentable computing resources might be used for password hacking still stands.

Security watchers warn that the development opens up the possibility of cybercrooks using pay-as-you-go cloud computing-based parallel processing environment for their own nefarious purposes.

Chris Burchett, CTO and co-founder of the data security firm Credant, said: “It’s easy to start up a 100-node cracking cluster with just a few clicks, but if you extend the parallel processing environment by just a few factors, it becomes possible to crack passwords of most types in a relatively short timeframe.”

Cybercriminals might use stolen payment card credentials to fund their cloud cracking escapades “which means they will not be bothered about the cost involved,” he added.

Around 12 months ago, another white-hat hacker, Moxie Marlinspike, created an online Wi-Fi password-cracking service called WPAcracker.com. The $17-a-time service is able to crack a Wi-Fi password in around 20 minutes, compared to the 120 hours a dual-core PC might take to carry out the same job.

Although there’s nothing really new here, it’s still an interesting implementation of some already known techniques. As cloud/distributed computing becomes even cheaper, I’d guess we’ll be seeing more similar attacks in the future.
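What this means for password storage, as an added example that is not from the original post or from Roth's write-up: it sizes the 1 to 6 character keyspace, estimates exhaustion time at the 380M steps per second quoted for one GTX260 in the CUDA-Multiforcer post on this page, and contrasts unsalted SHA-1 with salted PBKDF2. The 95-character printable-ASCII set, the 200,000 iteration count and the "iterations ≈ slowdown" estimate are assumptions chosen for illustration.

```python
"""Fast unsalted hash vs. salted, iterated KDF. Added example with labelled assumptions."""
import hashlib
import hmac
import os

CHARSET_SIZE = 95          # assumption: printable ASCII; the post names no charset
GPU_STEPS_PER_SEC = 380e6  # rate quoted on this page for a single GTX260 card
PBKDF2_ITERATIONS = 200_000  # assumption: illustrative work factor


def keyspace(charset_size, min_len, max_len):
    """Number of candidate passwords with length in [min_len, max_len]."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def seconds_to_exhaust(candidates, guesses_per_sec, work_factor=1):
    """Worst-case search time; work_factor models hash invocations per guess."""
    return candidates * work_factor / guesses_per_sec


def sha1_unsalted(password):
    """The weak scheme: one fast hash, no salt, same output for same password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def pbkdf2_record(password, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated storage record: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # per-password salt defeats precomputed tables
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def pbkdf2_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, expected)


def compare_schemes():
    """Exhaustion estimates for 1-6 character passwords under both schemes."""
    total = keyspace(CHARSET_SIZE, 1, 6)
    fast = seconds_to_exhaust(total, GPU_STEPS_PER_SEC)
    # Rough estimate: each PBKDF2 iteration costs at least one hash invocation.
    slow = seconds_to_exhaust(total, GPU_STEPS_PER_SEC, PBKDF2_ITERATIONS)
    return {"candidates": total, "sha1_minutes": fast / 60,
            "pbkdf2_years": slow / (3600 * 24 * 365)}


if __name__ == "__main__":
    print(compare_schemes())
    # Unsalted: two users with the same password share a digest.
    print(sha1_unsalted("abc") == sha1_unsalted("abc"))
    # Salted: the same password yields unrelated records, both still verify.
    a, b = pbkdf2_record("abc"), pbkdf2_record("abc")
    print(a[2] != b[2], pbkdf2_verify("abc", a), pbkdf2_verify("abc", b))
```

At the quoted single-card rate the whole 1 to 6 character space falls in about half an hour, the same order as the 49 minutes reported; the work factor multiplies that time, and the salt prevents one table from serving every account.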

The original post (with precise details on how to set everything up) can be found on the blog of Thomas Roth here:

Cracking Passwords In The Cloud: Amazon’s New EC2 GPU Instances

Source: The Register


Posted in: Password Cracking, Programming



CUDA-Multiforcer – GPU Powered High Performance Multihash Brute Forcer



The Cryptohaze Multiforcer is a high performance multihash brute forcer with support for per-position character sets, and very good performance scaling when dealing with large hash lists. As an example, on a list of 10 hashes, the Cryptohaze Multiforcer achieves 390M steps per second on a GTX260/216SP@1.24ghz card. On a list of 1.4 million hashes with the same card, performance drops to 380M steps per second. This is the password stepping rate – not the search rate. The search rate is 380M * 1.4M passwords per second!

Platforms

The Cryptohaze Multiforcer supports Windows, Linux, and Mac OS X. An nVidia GPU with CUDA support (8000 series, 9000 series, GTX200 series, GTX400 series) is required for this to function. Additionally, a reasonably modern driver with CUDA support will be required. However, to see good rates, a fairly powerful GPU is required. GTX200 series cards are the lowest recommended cards.

Usage


The Multiforcer takes two files as inputs: the hash file, and the character set file. The hash file is very simple: One hash per line as follows:

Hash input file

The character set file is slightly more complex. For a single character set (the same character set applied to all positions), the character set file is very simple: Just the character set in a file, followed by a newline:

Single charset file (-c parameter)

You can download CUDA-Multiforcer here:

MacOS (Intel Only) – CUDA-Multiforcer-Mac-0.72.tar.bz2
Windows (64-Bit Only) – CUDA-Multiforcer-Windows-0.72.zip
Linux – (32 & 64-Bit) – CUDA-Multiforcer-Linux-0.72.tar.bz2

Or read more here.


Posted in: Hacking Tools, Password Cracking



European Banks Seeing New Wave Of ATM Skimming



ATM hacking and skimming were often in the news a few years back, but since the banks ramped up the security on ATM machines – including anti-skimming devices – ATM fraud activities seemed to drop off. Remember the Pro ATM Hacker ‘Chao’ Gives Out ATM Hacking Tips and a bunch of people getting busted not long after that?

Well it seems ATM skimming has resurfaced with the clever criminals finally gaining the ability to remove the anti-skimming devices and modify them to their own nefarious ends.

Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details.

Many banks have fitted ATMs with devices that are designed to thwart criminals from attaching skimmers to the machines. But it now appears in some areas that those devices are being successfully removed and then modified for skimming, according to the latest report from the European ATM Security Team (EAST), which collects data on ATM fraud throughout Europe.

Skimming devices are designed to record the account details from the magnetic stripe on the back of a payment card. The data can then be encoded onto a dummy card. A person’s PIN (personal identification number) is often captured with a micro-camera, which was done with the illicitly modified anti-skimming devices, according to the report.

Banks in five countries also reported seeing a new type of skimming device, which uses a modified MP3 player to record card details. It also has a micro-camera to record PINs, according to a photo seen by IDG News Service.

The advantage of ATM skimming rather than just plain old hacking the data online is that with the placement of a small camera you can also record the PIN number associated with each card – so after cloning it you can actually use it to withdraw money from the ATM.

It seems like the new skimming devices are much more high tech and also use off the shelf components, such as an MP3 player.


EAST doesn’t reveal which banks noticed the fraud or the country in which it occurred. EAST only notes whether the attack occurred in a country that is a “major deployer” of ATMs — where there are more than 40,000 machines in the country. Those countries include France, Germany, Spain, Russia and the U.K.

Installing malicious software on an ATM is a more sophisticated way to execute fraud. One country of the five major deployers saw this style of attack, which was first seen in Eastern Europe in 2007.

ATMs often run operating systems such as Microsoft’s Windows CE and are vulnerable to attacks executed remotely and by people who break into the machines to install malware. Both kinds of attacks were demonstrated by security researcher Barnaby Jack at the Black Hat conference in Las Vegas in July.

European banks haven’t seen a new kind of attack called “shimming.” This attack involved inserting an extremely thin plastic circuit board into a point-of-sale device or ATM. It then can record data either on the card itself or transmit the data using a wireless transmitter. Due to the design of ATM machines in Europe, “we don’t think shimming is an ATM threat,” said Lachlan Gunn, EAST’s coordinator.

They haven’t really released any details such as which banks were affected or even which countries the skimming attacks took place in. There has actually been a record number of skimming attempts this year but the losses have dropped.

I’d guess that would be due to the new security-measures built into the EMV (Europay, Mastercard, Visa) ATM cards which have a chip built in that EMV compliant ATM machines can scan and verify.

Source: Network World


Posted in: Legal Issues, Privacy, Spammers & Scammers



Crunch – Password Cracking Wordlist Generator



Crunch is a wordlist generator where you can use a standard character set or a character set you specify. Crunch can generate all possible combinations and permutations.

Some other options are:

Of course John the Ripper (JTR) has some built in options for creating permutations from Wordlists.


Features

  • Crunch generates wordlists in both combination and permutation ways
  • It can break up output by number of lines or file size
  • Now has resume support
  • Pattern now supports number and symbols
  • Pattern now supports upper and lower case characters separately
  • Adds a status report when generating multiple files

You can download Crunch here:

crunch2.6.tgz

Or read more here.


Posted in: Hacking Tools, Password Cracking
