Archive | April, 2011

TJX Hacker Albert Gonzalez Claims Government Made Him Do It

Find your website's Achilles' Heel


The latest news from the tinfoil hat wearing conspiracy camp is that Albert Gonzalez the TJX hacker who was convicted in 2009 was authorized to hack by the US Government.

Back in 2009 we posted about that too – TJX Hacker Albert “Segvec” Gonzalez Indicted By Federal Grand Jury.

And now he’s saying his actions were endorsed by the government and that he was paid $1200USD a month to get close to the underground hacker community.

Convicted hacker Albert Gonzalez, who is currently serving a 20-year prison sentence after pleading guilty to the massive hacks at TJX, Heartland and numerous retailers, now claims that he thought he was authorized and directed by the government to carry out the illegal activities.

In a petition filed last month, first reported by Wired , Gonzalez informed the U.S. District Court for the District of Massachusetts that he would like to withdraw his guilty plea and asked the court to vacate its sentence. In his 25-page petition, Gonzalez blamed his attorneys Martin Weinberg and Rene Palomino for not properly representing him or informing him about his defense options. Gonzalez also claimed that his lawyers did not appeal his sentence as he had asked them to.

Gonzalez was arrested in Miami in 2008 along with 10 other individuals on charges relating to the thefts at TJX, Dave & Busters, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, Forever 21 and DSW. Later he was also charged with the break-ins at Heartland Payment Systems, Hannaford, 7-Eleven and two other unnamed retailers. Gonzalez was indicted in three different states, New York, Massachusetts and New Jersey for his crimes. Prosecutors alleged that Gonzalez and his international gang of cyber criminals stole data on more than 130 million debit and credit cards over a multi-year period.

I guess the fact he’s serving a 20 year sentence has really sunk in and he’s looking at ways to get out the jail time. It’s a feasible enough story I suppose, almost like the online version of a snitch. They get paid allowances too for sneaking around, watching what dodgy characters are up to and reporting back to their police buddies.

Plus if this guy does have some legitimate hacking skills and he used then to get close to carding rings and infiltrate chat rooms he could get some very useful information. It’d be a shame if his tale is true and he’s basically been stitched up by the US Government.


In Sept. 2009, Gonzalez, pleaded guilty to 20 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft. He was sentenced to two concurrent 20 year terms by federal courts in Massachusetts and NJ.

In his petition, Gonzalez claims that all of the criminal activities that he admitted to in court were actually done with the full knowledge and the direction of the United States Secret Service.

As previously known, Gonzalez noted that he had begun working as a confidential informant for the Secret Service back in 2003 soon after he was busted in connection with a series of ATM thefts. Gonzalez claims that over the next several years, he helped the Secret Service infiltrate various carder gangs and hacking groups, leading to the arrests of many of them.

Gonzalez’ petition details his interactions with two of his Secret Service handlers, who he claims treated him almost like another member of the agency and took him to different parts of the country for undercover work.

“The Agents had me infiltrating chat rooms setting people up and then the Agents would bust them,” he offers as one example of the work he claims to have done for the government. “On one occasion I was taken to California for a week to help Agents there with undercover operation that resulted in arrests and convictions,” Gonzalez said in his petition.

The only thing that puzzles me is why did it take him two years to do this? I’m pretty sure if it were true he would have filed straight away.

Anyway we’ll have to wait a while I guess to see what the courts think of his filing. It is possible he could have been misrepresented by his attorney and got a really bum deal.

If that’s the case, good luck Albert!

Source: Network World


Posted in: General Hacking, Legal Issues

Tags: , , , , , , , ,

Posted in: General Hacking, Legal Issues | Add a Comment
Recent in General Hacking:
- BADLOCK – Are ‘Branded’ Exploits Going Too Far?
- Dradis – Reporting Platform For IT Security Professionals
- Kid Gets Arrested For Building A Clock – World Goes NUTS

Related Posts:

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,169,069 views
- Hack Tools/Exploits - 624,306 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 433,432 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


DRIL – Domain Reverse IP Lookup Tool

Your website & network are Hackable


DRIL (Domain Reverse IP Lookup) Tool is a Reverse Domain Tool that will really be useful for penetration testers to find out the domain names which are listed in the the target host, DRIL is a GUI, JAVA based application which uses a Bing API key.

DRIL has a simple user friendly interface which will be helpful for penetration tester to do their work fast without a mess, this is only tested on Linux but as it is JAVA it should work on Windows too.

There are various other tools which carry out similar tasks, especially utilizing the Bing API.

You can download DRIL here:

DomainReverseIPLookup.jar

Or read more here.


Posted in: Hacking Tools, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,562 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,417,878 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,575 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Google Chrome To Protect Users Against Malicious Executables

Your website & network are Hackable


It looks like Google Chrome is stepping up to provide users with the most secure browsing experience. The browser has been built with security in mind since the beginning with it’s sandbox model and it escaped exploitation during the recent Pwn2Own contest.

Now they are infringing on the area of anti-virus vendors and stepping up in the fight against malware by proposing to block applications that are harmful to Windows users.

All we need to do now is make sure all new computers ship out with Chrome or Firefox installed as the default browser.

Google says it’s expanding its blacklist of malicious websites to include those that use deceptive claims to push harmful Windows programs.

The addition to Google’s Safe Browsing API will warn people when they are about to visit websites that offer Windows-based trojans that are disguised as screen savers or other innocuous applications. The search behemoth introduced the service five years ago to alert users when they try to browse sites that perform drive-by downloads that exploit security vulnerabilities in the operating system or browsing software.

The underlying programming interface is already being used by browsers including Google Chrome, Mozilla Firefox, and Apple Safari. It’s also available to any webmaster who wants to use the wealth of information available from Google to prevent malicious links from being posted to their sites.

Seen as though this is part of the Google Safe Browsing API, I wonder will Firefox follow suit and implement this in their browser. It’s always a good idea to give users an additional layer of security.

The onion approach rather than security by obscurity – or more commonly, just not giving two shits.

Drive by downloads have been a problem for a long time, and will continue to be a problem when it comes to users lacking proper secure computing habits (e.g. most of the public mass).


“Safe Browsing has done a lot of good for the web, yet the internet remains rife with deceptive and harmful content,” Moheeb Abu Rajab, a member of Google’s security team, blogged on Tuesday. “It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently.”

Keyloggers, botnet software and adware are just three examples.

The new feature will initially be available only for Chrome users who subscribe to the browser’s development release channel. The company plans to integrate it into the next stable release of Chrome. There is no mention of it being made available to browser providers outside of Google.

The warning will be displayed whenever users encounter a download from a URL that matches the latest list of malicious websites published by the Google API.

Safe Browsing is good and I think it really helps, especially with phishing sites which tend to get reported very quickly and then are promptly blocked in users browsers.

The new feature isn’t available in the current stable release of Chrome, but will be merged into the next stable version and is currently available in the development release.

Source: The Register


Posted in: Countermeasures, Malware, Security Software

Tags: , , , , , , , , , , , ,

Posted in: Countermeasures, Malware, Security Software | Add a Comment
Recent in Countermeasures:
- Fully Integrated Defense Operation (FIDO) – Automated Incident Response
- MISP – Malware Information Sharing Platform
- Google Rapid Response (GRR ) – Remote Live Forensics For Incident Response

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,084 views
- Password Hasher Firefox Extension - 117,769 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,723 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Wappalyzer – Web Technology Identifier (Identify CMS, JavaScript etc.)

Find your website's Achilles' Heel


Wappalyzer is an add-on for Firefox that uncovers the technologies used on websites. It detects CMS and e-commerce systems, message boards, JavaScript frameworks, hosting panels, analytics tools and several more.

The company behind Wappalyzer also collects information about web based software to create publicly available statistics, revealing their growth over time and popularity compared to others. Most of this data is anonymously collected from this Firefox add-on which has been installed by thousands of users.

Wappalyzer was founded in 2008 by Elbert F and has been made possible with the funding of AOE media GmbH, the leading Open Source web development company in Germany.

It detects the majority of common CMS systems, a full list can be found here.

You can download Wappalyzer here:

Wappalyzer.xpi

Or read more here.


Posted in: Hacking Tools, Web Hacking

Tags: , , , , , , , , , , ,

Posted in: Hacking Tools, Web Hacking | Add a Comment
Recent in Hacking Tools:
- Unicorn – PowerShell Downgrade Attack
- Wfuzz – Web Application Brute Forcer
- wildpwn – UNIX Wildcard Attack Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,977,562 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,417,878 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 678,575 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


Retarded E-mails – Damn Interested Hacking, Paid Server Indian Web, Love Hashing & More

Your website & network are Hackable


It’s been a while since I’ve added a post to my beloved Retards category (almost a year and a half), since I put the disclaimer and link on the contact page – I’ve actually had a lot less retarded e-mails.

Which is good in a way as I no longer have to waste my time reading them, and bad in a way because I no longer get to laugh at people on a daily basis. Anyway, I still get some – so here they are for your viewing pleasure :)

Ok let’s start off with a classic example..of something I barely understand.

From: patrick
Subject: hi

Message Body:
master is ur window 7 ultimate still on for sale….and how do u I learn this hacking of a stuff…i dam interested…

Oh sorry what? I think you misunderstood the topic of this site.

From: PAM
Subject: program

Message Body:
i need to know what program to download to be able to use our digital dictation recorder

Right ok, I’ll get to work on the Paid Server Indian Web immediately and also write a system to remind you of your own password..

From: phillips
Subject: hi,

Message Body:
pls guys kindly give me a tutorail on how to creat a paid server indian web by myself,and also i forget my computer password and any time i want to on it ,it will be rwquesting for password which i dont know it again,bros what can i do.

Love hashing ya, xx

From: Nita
Subject:

Message Body:
Hi :) My name is Nita and I joined this site for hashing a password,I just don’t know where to hash it.Can someone help me? :)

Byee,Love ya x

Random spacing (check)
Missing letters (check)
Random capitalization (check)

From: FieriHack
Subject: its posible

Message Body:
its posible to find an adres passwd off FAcebook
please P.m to me

Ok you ask me to contact you ‘securely’ but you mail me from a Yahoo! address, no PGP key, no hushmail account…nothing..

From: Soulis
Subject: Question

Message Body:
Please contact me securely.
Thanks


And an old classic thrown in for good measure – the cheating spouse.

From: Kesavan
Subject: Hi

Message Body:
Please, please help me I need a password for a yahoo account…
The password concerned is my life partner for 15 years and I know he is cheating on me…I just need proof to confront him, I did confront him, he treathened to kill me if I carry on asking him about him having affairs…
If you can his email accounts are
xxx@yahoo.com
xxx@textiles.co.za

I would really appreciate it…
Thanks

Is it possible? Yah probably, but you need a brain first.

From: kanan
Subject: Texas Hold em Poker

Message Body:
IS Hacking Zynga Poker possible,add chips or view table cards?

There seems to be more and more Facebook based requests nowadays – here’s another one..

From: felix
Subject: facebook password

Message Body:
I am being falls accused by an impostor using my name, i cannot stop her from spreading news al over my family and friends saying bad words about me. its getting worst.

please help.

felix

I believe what you are looking for is called “A Job” accompanied by “A Credit Card” you scumbag.

From: Blacksheepbo
Subject: Hacking Software

Message Body:
I am looking for a software that will hack into a website like adultfriendfinder or xxxblackbook and allow you to have a free gold or silver membership. Whats out there that will do that or come close?

This selection is from November 2010 – January 2011…I have tons more, will post them soon :)


Posted in: Retards

Tags: , , ,

Posted in: Retards | Add a Comment
Recent in Retards:
- Retarded E-mails – Damn Interested Hacking, Paid Server Indian Web, Love Hashing & More
- Retarded E-mails – Carding, Coins, Bombs & More!
- Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE

Related Posts:

Most Read in Retards:
- Retarded E-mails – Crack Hotmail? Hack Facebook? Boyfriend Cheating? - 64,504 views
- Retarded E-mails – Carding, Coins, Bombs & More! - 33,469 views
- Retarded E-mails – Brute Force, Change School Grades, Hack US Military & MORE - 10,865 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95