Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

26 May 2006 | 4,970 views

The Enemy Within The Firewall

Prevent Network Security Leaks with Acunetix

I’ve seen similar figures from other organisations and countries, so the stats don’t surprise me.

My peers and I have always called this Armadillo security, hard on the outside, soft on the inside.

Firewall, IDS, etc…all protecting the exterior of the network, only edge devices, nothing inside, not much policies, not much privilege segregation, anyone inside can wreak havoc.

Employees are now regarded as a greater danger to workplace cyber security than the gangs of hackers and virus writers launching targeted attacks from outside the firewall.

That is the perception of 75 per cent of Australian information technology managers who took part in an international IBM security survey.

Also e-mail and instant messaging is becoming increasingly pervasive, with the advent of things like Google Talk capabilities in the GMail interface, sending information outside the protective layer of the company is getting easier and easier.

From my professional experience, I do know some companies have extremely strict standards which are audited regularly (these include rules about removable media, BIOS passwords and OS hardening standards).

While 32 per cent of survey respondents were intent on upgrading firewalls, only 15 per cent planned to invest in awareness and education training for employees and only 10 per cent restricted the use of mobile devices such as wireless handheld computers not specifically sanctioned by the IT staff.

“Organisations need to understand what are the key pieces of information that need to be protected and be able to track who has had access to them,” she said.

Sounds normal, good intent, but no action. Time for companies to sort themselves out I think.

A recent security report from antivirus company Symantec said cybercrime represented today’s greatest threat to consumers’ digital lifestyle and to online businesses in general.

“While past attacks were designed to destroy data, today’s attacks are increasingly designed to silently steal data for profit without doing noticeable damage that would alert a user to its presence,” the company said.

Source: The Age



25 May 2006 | 5,818 views

South-East Asia Vulnerable to Cyber Terrorism

Interesting to see this just a little while after Malaysia announced IMPACT, it’s anti cyber-terrorist task force..

IMPACT is its name, and making an impact in the battle against cyber-terrorism is its mission. Unveiled in Austin, Texas, the Malaysian initiative seeks to bring together governments and the international private sector to deal with increasing threats in cyberspace.

Known as the “International multilateral partnership against cyber-terrorism” or “IMPACT” it will serve as a pioneer platform to allow governments of the world to exchange notes and ideas, as well as to facilitate the sharing of skills and best practices, with the ultimate objective of combating these constantly evolving threats.

Now, this report conviently surfaces.

Southeast Asia will inevitably face an Internet-based attack by terrorists against key institutions, even though militant groups lack the technical savvy so far, security experts said Monday.

Developing nations remain especially vulnerable to a cyber assault because they haven’t built up defences for their computer, banking and utility systems, said Yean Yoke Heng, deputy director general of the Kuala Lumpur-based Southeast Asian Regional Center for Counterterrorism.

Well, seems reasonable to assume the above, but what effects would it have? This region isn’t heavily online, the broadband penetration is low and the system isn’t ‘e-government’ yet.

Regional authorities currently have no specific information about possible threats, which could include the hacking of public networks or the spread of a computer virus, but “it’s always good to be one step ahead of this terrorist threat,” Yean said.

The five-day conference, which brings together security officials and analysts from Malaysia, the United States, Japan, Cambodia, the Philippines, Singapore and Thailand, will discuss how governments can prevent terrorists from exploiting information technology.

It seems like terrorist cell groups use the net to recruit, plan and research attacks.

So far, Southeast Asian militant groups such as the al-Qaida-linked Jemaah Islamiyah network have mainly used the Internet to channel propaganda, recruit members, raise funds and coordinate bomb attacks, said Rohan Gunaratna, a Singapore-based militant expert.

“It will take a very long time for Southeast Asian terrorist groups to develop the capability to attack the Internet,” Gunaratna said.

“For now, groups such as Jemaah Islamiyah are using the Internet as a medium to create a new generation of radicalised Muslims.”

Its a good idea in theory, we just need to see if they have the technical skill to pull anything off, judging by the Malaysian CERT..I’d say no.

Source: The Star


25 May 2006 | 7,229 views

Carders Scamming Spammers!

Sounds complicated, it’s almost a tongue-twister.

It turns out the carders (people using stolen credit card details fraudulently) have worked out how to get money out of the spammers (spamming being massive nowdays)

Fraudsters who deal in stolen credit card data have devised a means to extract money from sponsors of junk mail campaigns.

Carders have signed up as affiliates to spam campaigns, but instead of sending out junk mail themselves they are using stolen credit card data to make purchases from the sponsors of spam campaigns, such as online pharmacies.

The carders earn a cut of these sales of anything between 40 to 50 per cent, the Washington Post’s security site reports, more than enough to make the scam viable.

It’s pretty funny that the people sending the spam out are complaining about this, as they losing money due to the bank charges.

But the sponsors of spam campaigns end up losing out because of charge backs generated when fraudulent purchases are identified. Higher incidents of charge-backs result in higher merchant fees while drawing the attention of banks and credit cards sponsors to dubious businesses. Far from benefiting from increased sales, spam sponsors end up losing out. In this way, card fraudsters are scamming the backers of spam.

Spam sponsors are complaining about been ripped off, a factor that allowed net security firm CipherTrust to identify the new ruse during the course of its work monitoring online spam and fraud forums.

So finally the spammers are getting some payback :D

“Basically, we’re seeing the carders and phishers starting to look for other ways to make money and starting to discuss new methods of making profits from their scams,” CipherTrust research scientist Dmitri Alperovitch said

We need to kill the spammers, spam eww…hopefully this will bankrupt them or something.

Good job carders.


24 May 2006 | 3,796 views

Security Researchers Afraid to Reveal Vulnerabilities

Well it happened a while back, remember? The French researcher Guillaume Tena who got in trouble for breaching French copywrite laws by decompiling some software.

Now people are generally starting to worry about disclosing vulnerabilities through any channels, does there need to be some kind of anonymous PGP key based system for vulnerability disclosure? So people can do it without fear of getting sued?

The CERIAS weblog examines the risks associated with reporting vulnerabilities. In the end, he advises that the risks (in one situation, at least) were almost not worth the trouble, and gives advice on how to stay out of trouble. Is it worth it to report vulnerabilities despite the risks, or is the chilling effect demonstrated here too much?

A typical difficulty encountered by vulnerability researchers is that administrators or programmers often deny that a problem is exploitable or is of any consequence, and request a proof. This got Eric McCarty in trouble & the proof is automatically a proof that you breached the law, and can be used to prosecute you!

It’s an interesting point when it comes to public disclosure, unless you have permission, how do you prove you’ve found a vulnerability without getting in trouble?

HD Moore also discussed this recently with:

Breach case could curtail Web flaw finders


23 May 2006 | 23,066 views

hackers playground… windows?

Only as I am writing these lines I can imagine some people who will start laughing when reading this article… But my dear friends this may be the real thing… will see who will laugh 10 years from now…

I. Introduction
This article was ment to be, because, as you will notice, more and more hacking tools for windows have appeared…. Of course, you will say that hackin’ histeria began on *nix systems… and will exist forever… R.I.P.

II. Tools
Now this is were all the fun starts… because, as you will notice there are a number of tools that are ported, or very similar to *nix tools, that can be found for windows…

1. Mozilla [Firefox] – this is a must be (for security reasons), also a browser is comonly needed for anybody who wants to do webhacking…. so get it while it’s hot

2. nmap – didn’t you now? NMap was ported to Windoze, without the GUI, but that doesn’t bother anybody, does it? [ www.insecure.org ]

3. Putty – our grandious telnet/rlogin/ssh client… basicaly you can do with it any unencrypted type of conection; from telnet, ftp, smtp to http… [ grab it ]

4. Nemesis – your daily packet builder for Windows, not as good as HPing but an alternative… at least you can Remote LanD with it ;) [ http://nemesis.sourceforge.net/ ]

More tools:
PacketStormSecurity: http://www.packetstormsecurity.org/assess/win/
SecurityFocus: http://www.securityfocus.com/tools
WindowsRootkits: http://www.darknet.org.uk/2006/03/windows-rootkits/
NewWaveRootkits: http://www.rootkit.com

III. Brains
You’ll need to have a basic knwolege about hacking, which I supose you have so i’ll give you a list with usefull links for exploits, whitepapers, etc… you will just need some time, to read them, or to be pacient…

0Day Exploits: http://www.milw0rm.com/
BugTraq: http://www.securityfocus.com/archive/1
Vulnerabilities: http://www.securityfocus.com/vulnerabilities

IV. Ambition
This is a must be… because without ambitions you will give up very quickly and will start posting on huge groups things like:

can someone help me hack yahoo
how do I flood someone
I want to be a hacker can someone help me
I’m a win user can somebody give me a shell?

V. Epilogue

I don’t like that much Windows, but it’s gonna be [and it is] a great alternative for the ones who don’t use *nix systems… so cut the crap and learn… peace


23 May 2006 | 3,421 views

Ohio University Compromised for Over a Year!

A year? A whole year? A few days I can take, but surely if an Admin doesn’t know what’s going with his machines for a year….compromised for a year, there is something wrong.

An unprecedented string of electronic intrusions has prompted Ohio University to place at least one technician on paid administrative leave and begin a sweeping reorganization of the university’s computer services department.

Bill Sams, Ohio University’s chief information officer, said he initiated the reorganization on Friday. The Athens, Ohio-based university is reacting to recent discoveries that data thieves compromised at least three campus computer servers.

In a disclosure that hasn’t been widely reported, one of the compromised servers, which held Social Security numbers belonging to 137,000 people, was penetrated by U.S. and overseas-based hackers for at least a year and possibly much longer, Sams said in a phone interview Sunday with CNET News.com.

Pretty bad right? Universities should be on high alert after the previous incidents..

At least one security expert was astonished that a compromise could go undetected for so long.

“That’s unbelievable,” said Avivah Litan, security analyst with research firm Gartner. “I have never heard of that much of a delay. Why would it take a year to discover this? It doesn’t make any sense.”

What’s also alarming to Litan is that a year-long compromise could go undetected at a time when universities should be operating on high alert. Over the past year, numerous media reports have chronicled security breaches at such schools as Notre Dame, Purdue and Georgetown universities.

It is a problem for universities though, they usually have budgets problems and have to make do with Open Source solutions (which is fine if you have skilled people), setup by untrained people, who learn on the fly.

Then they have underpaid, overworked sys-admins, what do they expect? Plus it’s an educational facility, so they have to keep the knowledge free.

Pretty tough situation.

Ohio got screwed this time though, and it got out into the public domain.

The culprits who broke into the other two servers made off with health records belonging to students treated at the university’s health center, as well as Social Security numbers of an additional 60,000 people.

“We had a failure of both policies and procedures,” Sams said. Asked why, when so many schools were succumbing to computer attacks, Ohio University wasn’t quicker to order a security audit, Sams replied: “Should we have? Yes. Did we? No.”

Let’s hope the others learn some lessons.

Source: News.com


23 May 2006 | 3,374 views

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out.

PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP.

Microsoft confirmed today the existence of this vulnerability and apparently is working on a hotfix.

This security problem allows the execution of code on affected systems and, more dangerously, allows the construction of malicious code which is indistinguishable at first glance from a normal Word file.

That’s more than enough to get 70%* of the people who use Microsoft Office to download and execute the file. If they open .BAT, .COM and .EXE, opening a .DOC is everyday work.

This attack is not limited to .DOC files, still, they will be the most used extension. It can take place with a .XLS file with an embedded Word document.

1Table.A – the new trojan – is detected by most of the antivirus software, however, user’s should have they’r eyes open until patch is released by Microsoft (even if they don’t consider it critical)

Source: NHS

* 80% of the statistics are made on the spot!

Digg This Article


22 May 2006 | 6,417 views

PBNJ 1.14 Released – Diff Your Nmap Results

PBNJ is a network tool that can be used to give an overview of an machine or multiple machines by identifying the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

However, PBNJ is able to handle additional scans and parse the data while only looking for changes. For example, if a machine was updated with a newer version of OpenSSH than was running when the first scan was performed, the CSV file would contain the difference of the scan. Very useful for vulnerability assessment and penetration testing.

It is included in Backtrack http://www.remote-exploit.org/index.php/BackTrack

Depending on what you need, PBNJ can do various things. It is able to give a layout of a class network. It can also be run as an automated scanning tool parsing the data to CSV format files and growing an in-depth view of a network over time.

CHANGLOG for 1.14
—————-
* fixed bug that crashed PBNJ after scanning a machine with no ports open
* fixed –nodiff banner bug
* Added –delim option to allow custom delimination
–delim [ default set to comma ]
* quick install script for ubuntu and linux systems
* Makefile.PL setup which will install pbnj properly

Version 2.0 will be released sometime in August.

You can find PBNJ Here.


22 May 2006 | 6,815 views

The Ultimate Net Monitoring Tool – Semantic Traffic Analyzer

Packet sniffing goes hi-tech? What’s wrong with ethereal?

The equipment that technician Mark Klein learned was installed in the National Security Agency’s “secret room” inside AT&T’s San Francisco switching office isn’t some sinister Big Brother box designed solely to help governments eavesdrop on citizens’ internet communications.

Rather, it’s a powerful commercial network-analysis product with all sorts of valuable uses for network operators. It just happens to be capable of doing things that make it one of the best internet spy tools around.

I guess the difference is, this one is designed to sit on 10Gbps pipes, and monitor traffic in real time, that is pretty impressive, if it can do 100% throughput..

Narus’ product, the Semantic Traffic Analyzer, is a software application that runs on standard IBM or Dell servers using the Linux operating system. It’s renowned within certain circles for its ability to inspect traffic in real time on high-bandwidth pipes, identifying packets of interest as they race by at up to 10 Gbps.

Internet companies can install the analyzers at every entrance and exit point of their networks, at their “cores” or centers, or both. The analyzers communicate with centralized “logic servers” running specialized applications. The combination can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network

VeriSign is also using it, so are many others.

Just remember, they are watching us.

That legal eavesdropping application was launched in February 2005, well after whistle-blower Klein allegedly learned that AT&T was installing Narus boxes in secure, NSA-controlled rooms in switching centers around the country. But that doesn’t mean the government couldn’t write its own code to do the dirty work. Narus even offers software-development kits to customers.

Source: Wired


21 May 2006 | 7,730 views

What Next? The Poker Rootkit of Course!

Ok so the list gets even BIGGER, after the WoW Trojan, Trojan for World Cup Fans, Ransomeware and the buy a spyware kit story

Now we proudly present, the Poker Rootkit!

For online poker players, this was always going to be a losing hand.

A Trojan with malicious rootkit features hidden in a legitimate software package distributed by online gaming tools vendor Check Raised has the ability to hijack log-in information for multiple online poker Web sites, according to a warning from Finnish security vendor F-Secure.

The spying Trojan, identified as Backdoor.Win32.Small.la, was built into a Rakeback calculator application (RBCalc.exe) distributed by Check Raised to help online poker players keep track of scaled commission fees taken by the Web site operator.

Pretty clever stuff.

When the spying component is initialized, it starts a keystroke logger and connects to a remote server that is programmed to send instructions to the infected machines. The instructions range from the downloading of executable files, the uploading of stolen information, the shutdown of the Trojan and the ability to send application screenshots.

The backdoor also sends out sensitive information to remote servers, including keylogger database, computer name, and the username and password of several online poker programs.

What I thought was really clever was the way in which the application took money from users, it’s not direct, it’s very smart in fact!

An anti-virus company says the rootkit is particularly malicious because the hacker could take a victim’s money without making it look stolen — by using the passwords to log on to a poker site, then playing very badly against players controlled by the hacker. The victims are then left with little recourse, since it looks like they just lost their money during normal play.

Smart stuff.

Source: eWeek