Five Arrested In High-Profile Cyberattacks

NEW YORK (CNN) -- Top members of the computer hacker group"Anonymous" and its offshoots were arrested and charged Tuesday after a wide-ranging investigation used the help of a group leader who was working as a secret government informant.

Five of the suspects, considered by investigators among the "most sophisticated hackers in the world," were arrested in the United States and Europe and charged in a Manhattan federal court over their alleged role in high-profile cyberattacks against government agencies and large companies, according to an indictment.

A sixth man, Hector Xavier Monsegur, a notorious hacker known as "Sabu," pleaded guilty in August to computer hacking and other crimes.

Read more...

Google Hacking With GGGoogleScan

GGGoogleScan
GGGoogleScan is a Google scraper which performs automated searches and returns results of search queries in the form of URLs or hostnames. Datamining Google’s search index is useful for many applications. Despite this, Google makes it difficult for researchers to perform automatic search queries. The aim of is to make automated searches possible by avoiding the search activity that is detected as bot behaviour [1]. Basically we can enumerate hostnames and URLs with the GGGoogleScan tool, which can prove a valuable resource for later.

This tool has a number of ways to avoid being detected as a bot; one of them is horizontal searching, where we’re searching for multiple search words in parallel without requesting the contents of, for example, 1-50 results found by that search query. Rather than that, we’re making a large number of search queries, saving the results and only requesting a small number of web pages that were found as a result of scanning.

Read more...

Hexed – Working Effectively In The Hex Editor

I love my hex editor! I mean I really do. As reverse engineers and binary explorers, the hex editor is arguably the most used tool for human binary reconnaissance. From format exploration to file rebuilding, it’s the best utility in our toolkit with a great legacy of its own. From the diverse range of editors to the ken of features provided, it might seem a little daunting to first timers and redundant to advanced types. It’s my goal in this article to highlight the various features of this mighty tool that might just make your day. Let’s get to it.
What should you expect from your editor?

Locating your bytes:

The main display is always a hex byte representation of the binary file arranged in a tabular fashion.

Read more...

Google's Android Malware Detection Falls Short

Android appears to be on a trajectory to become the Windows of mobile operating systems, but there's a downside to ubiquity. Rising market share means increasing attention from malware authors.

Sophos, a computer security company, asserts that there is a growing malware problem for Android devices and that Android devices are less safe than iOS or Windows Phone devices. The FBI has noticed too, issuing a warning in October about risks facing Android users.

Read more...

Hactivist Group Team Ghostshell Takes Credit For Extensive Breach

The hacktivist group Team Ghostshell took credit Monday for the release of 1.6 million accounts and records stolen from government and private organizations covering aerospace, law enforcement, the military, the defense industry and banking.

Among the organizations the group claimed to have stolen information included NASA's Center For Advanced Engineering, the Department of Homeland Security (DHS) Information Network, the FBI's Washington division in Seattle, the Federal Reserve and Interpol.

Read more...

China Mafia-Style Hack Attack Drives California Firm to Brink

During his civil lawsuit against the People’s Republic of China, Brian Milburn says he never once saw one of the country’s lawyers. He read no court documents from China’s attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. 

That doesn’t mean Milburn’s adversary had no contact with him.

Read more...

E-Reader Privacy Chart, 2012 Edition

Who's Reading What Your Reading?

E-readers are great toys but if you concerned with who is tracking you don not get one.

Read more...

Scanning Web Servers With Nikto

Nikto is a tool that it has been written in Perl and it can perform tests against web servers in order to identify potential vulnerabilities. Nikto can be used in web application penetration tests and in some cases can produce juicy results.Specifically if a system administrator has not configured very well his web server and the web server is out of date or there is a misconfiguration Nikto is capable to find them.

For the needs of the article we will use Nikto in order to scan the web server where the DVWA (Damn Vulnerable Web Application) is hosted.Before we start the scan it is always a good practice to perform an update for obtaining the latest plugins.This can be achieved with the -update parameter.

Read more...

Romanian Authorities Dismantle Cybercrime Ring Responsible For $25M Credit Card Fraud

By Lucian Constantin
November 27, 2012 02:24 PM ET

IDG News Service - Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling $25 million.

Officers from the country's organized crime police working with prosecutors from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT) executed 36 search warrants on Tuesday at residential addresses in several Romanian cities and arrested 16 individuals suspected of being members of the credit card fraud ring.

According to DIICOT, the group's members gained unauthorized access to computer systems belonging to foreign companies that operate gas stations and grocery stores, and installed computer applications designed to intercept credit card transaction data.

Read more...

Hackers Hit International Atomic Energy Agency Server

IDG News Service - A group of hackers leaked email contact information of experts working with the International Atomic Energy Agency (IAEA) after breaking into one of the agency's servers.

The group published a list of 167 email addresses along with its manifesto on Sunday in a post on Pastebin.

"Some contact details related to experts working with the IAEA were posted on a hacker site on 25 November 2012," IAEA spokeswoman Gill Tudor said Wednesday in an emailed statement. "The IAEA deeply regrets this publication of information stolen from an old server that was shut down some time ago. In fact, measures had already been taken to address concern over possible vulnerability in this server."

Read more...