The former being rather smart as it’s encrypted and sent via a 3rd party network – so it’s not open to wiretapping. It’s unlikely the tracksuit wearing chavs & hoodies know that, but still – it’s keeping them safe. Posting videos/pictures of themselves on public Twitter and Facebook accounts is not so smart though and will surely lead to some arrests.

Anyway that’s not the topic here, the topic here is another politically motivated hacking attack – what we would commonly call cyberterrorism.

A Taiwanese political party suspects the Chinese government is behind a hacking attack that stole information about the party’s election activities.

Taiwan’s Democratic Progressive Party (DPP) said on Tuesday that some of the attacks had been traced to China’s Xinhua News Agency, a state-run press group. The attack operated as a phishing campaign, in which DPP staffers were sent e-mails by hackers who attempted to impersonate other party employees. The staffers were then told to open the e-mail attachments, which secretly contained viruses to monitor the computers, a DPP spokeswoman said.

The DPP alleges the attacks were routed from the Xinhua News Agency through Malaysia and Australia. The attacks were also traced to IP addresses from the Chinese mainland. The Xinhua News Agency was contacted for response, but has yet to an issue a comment.

IT security experts have said the attacks were part of a state-sponsored hacking attempt, according to the DPP. “Already many countries and security groups have said the attacks from China’s cyber army are well organized and that a state actor guides and supports them,” the DPP said in statement issued on the party’s website.

As we all know, Taiwan and China are not really the best of friends with China claiming Taiwan to be part of it and Taiwan not quite agreeing. In China they fully act like Taiwan is just another state/province in China.

This time it seems to be a state run Chinese news agency (Xinhua) attacking Taiwan’s Democratic Progressive Party (commonly know as DPP).

These are of course at this time just claims, and it’ll probably stay that way as there’s no conclusive proof in these kind of situations.

China is already in the spotlight for cyber attacks after security vendor McAfee reported a massive cyber attack that stole sensitive information from 72 companies and organizations. Although McAfee did not name the group behind the hacking attempts, security experts have pointed fingers at China because of the organizations targeted. China, however, has repeatedly denied it sponsors any kind of hacking.

A DPP spokeswoman said the phishing attacks have been an ongoing problem, but that it appears more of the recent hacking attempts have been coming from China.

Taiwan and China separated in 1949 after a civil war. While China’s ruling communist party seeks for reunification with the island, the DPP supports Taiwan becoming its own nation, putting the two at odds with one another.

The DPP said on Tuesday it also traced hacking attempts to Taiwan’s own Research, Development and Evaluation Commission and called for the commission to investigate. The commission could not be reached for immediate comment.

China have been in the spotlight fairly recently with some very widespread phishing attacks including – Targeted Phishing Attacks Carried Out On Gmail – Likely From China.

It seems like these kinds of games will be going on forever including hacktivism, cyberterrorism, defacement in the name of certain causes and all kinds of other naughty business.

With so much information on computers now it’s no surprise, I’d like to see these kind of organisations having better infosec policies though including awareness training for all staff with access to e-mail accounts and computers.

Source: Network World

The latest news is some hackers have been targeting users of the Gmail service, specifically US government officials. This comes shortly after the news of Lockheed Martin being compromised and a second military contractor being attacked using RSA SecurID tokens today.

It is what’s known as a ‘spear phishing’ attack – which means it’s aimed at a specific organization or in this case specific individuals. It’s not a shotgun approach – where they spray e-mails everywhere, more like a sniper rifle.

Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists.

The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn’t share any evidence supporting that claim.

“The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change people’s forwarding and delegation settings,” Google’s blog post, titled “Ensuring your information is safe online,” stated. “Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. Company officials have alerted the victims and “relevant government authorities.”

According to the February blog post, some of the phishing pages were hosted using the free dyndns.org service and contained images and text that were almost indistinguishable from those hosted on the real Google service. The links were “customized and individualized for each target,” independent security researcher Mila Parkour wrote

They are using the same old trick of getting the passwords then changing the forwarding settings so they can receive all the e-mails sent to that account somewhere else.

The attacks are said to originate from China, but as I’m sure you all know – just because the IP is in China it doesn’t mean the attacker is physically there too.

It’s a pretty systematic attack and extremely hard to defend against, because once they’ve compromised a few accounts of people that know each other – they can then make the personalized phishing mails even more relevant and convincing.

Once accounts were compromised attackers created rules to automatically forward all received email to accounts under their control, Parkour said. The attackers then used the purloined email to “gather information about the closets associates and family/friends” and exploited “the harvested information for making future mailings more plausible.”

Parkour’s post showed a half-dozen emails exchanged in the campaign, several of which contained Pentagon and US State Department addresses.

“This is the latest version of the State’s joint statement,” one fraudulent email read. “My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike.”

The email contained what appeared to be a Microsoft Word document as an attachment.

The incident harkens back to a separate attack Google disclosed in January 2010, that targeted the company’s source code and the Gmail accounts of human rights activists in China. Unlike the most recent phishing campaign, the “highly sophisticated and targeted attack” from 2010 exploited vulnerabilities on Google’s network to gain unauthorized access. Dozens of other companies were also targeted in the earlier attack.

Google’s blog post provides a variety of tips for keeping accounts secure. They include use of a two-step verification procedure when logging in to accounts to add an extra layer of security to the login process. Gmail also warns users of suspicious logins to their accounts.

Google does have a variety of security measure, they allow you see account activity details, IP addresses logged into your account and they do warn you of any suspicious activity. Recently they also started supporting two-factor authentication using tokens, this would totally defeat these kind of phishing attacks.

They support both SMS based authentication and application based (for iPhone, Android and BlackBerry).

So if you’re using a Google account, make sure it’s secure!

Source: The Register

The latest target from the group calling themselves the Pakistani Cyber Army was the site for the Central Bureau of Investigation in India – http://cbi.nic.in/.

Almost 4 days after the defacement, the site still appears to be down.

Close to four days after the site of India’s key investigation agency, the Central Bureau of Investigation (CBI), was hacked and defaced, the web site is still inaccessible to users.

The CBI is doing a thorough security audit, and plugging all holes to prevent another hack, Vinita Thakur, a spokeswoman said on Tuesday. She didn’t say when that would be complete, and the site restored.

The web site of the CBI was hacked and defaced on Friday night. The hackers calling themselves the “Pakistani Cyber Army” left a message saying that the attack was in revenge for similar Indian attacks on Pakistani sites.

The CBI’s IT systems were not compromised by the hack, as the web site and the CBI’s computer systems are separate, Thakur said.

They say they are doing a thorough audit and they are going to plug all the holes, but in reality – we know that’s not true because it’s not possible. They both seem to be stuck in a catch 22 situation as both the Indian and Pakistani sides continue with revenge attacks for the previous defacement.

Almost immediately after this attack the Indian Cyber Army executed another hack and deface job to retaliate. And well, whatever happens after this – it’s not going to be pretty for either side.

The information that the hackers had access to was public information, she added.

The border dispute between India and Pakistan over Kashmir has often spilled online, with both sides attempting to hack each other’s web sites.

The web site of Pakistan’s Oil & Gas Regulatory Authority was hacked on Saturday by a group called “Indian Cyber Army” in retaliation for the CBI web site hack, according to media reports from Pakistan.

The web site which displayed the message “This Account has been suspended” late Saturday, has since been restored.

The Pakistani site that was attacked is back up and accessible to the public again, but as of now I’m still seeing some database access error messages in the sidebar and at the top of the page – http://www.ogra.org.pk/.

My guess would be that this is not going to stop any time soon.

Source: Network World

Both Facebook and Twitter were hit with pretty severe DDoS attacks rendering them useless and unavailable to the majority of users.

The thing is it seems like it wasn’t a traditional network based botnet style DDoS attack, but a ‘joejob‘ attack where spam is sent out containing a link and the users clicking on the link contribute to the site becoming overwhelmed with requests.

The DoS attack has been confirmed on the Twitter Status page here – Ongoing denial-of-service attack.

The attack theory comes from Bill Woodcock, as reported by The Register.

Users looking to update their Twitter feeds or Facebook pages were likely disappointed Thursday morning, as a denial-of-service attack made both services hard to reach.

Around 9 a.m. Eastern Time, the number of responses from micro-blogging service Twitter fell precipitously, reaching a bandwidth of 60 Mbps by 10:40 a.m. ET, according to Arbor Networks, a networking services firm. Twitter had reached nearly 200 Mbps prior to the drop.

The service continued to be impacted Thursday afternoon, reaching a peak of 150 Mbps, about half of its normal peak for that time of day, according to Arbor.

It seems to be a politically motivated attack aimed at a certain anti-Russian blogger known as Cyxymu.

It targeted all web properties where had profiles, the main ones of course being Facebook and Twitter but also included Livejournal (where he hosts his blog) and his Youtube account.

It’s a simple but seemingly very successful method of attack, shown by the fact that it took out a couple of major sites which already manage large amounts of traffic.

Users also complained of issues accessing Facebook. The service confirmed midday on Thursday that, it too, had suffered a denial-of-service attack.

“You may have had trouble accessing Facebook earlier today because of network issues related to an apparent distributed denial-of-service attack,” the social network stated on its own Facebook page. “We have restored full access for most people. We’ll keep monitoring the situation to make sure you have the reliable experience you expect from us.”

You might have noticed a lot of failed requests if you use Facebook (JavaScript timeout errors and network pipe errors).

Facebook fell because of the same targetted attack on Cyxymu, they acknowledged such on their Facebook page.

Source: Security Focus