Blog

  • Ed Harrison - Hiroden 651

    posted by Keito
    2012-10-27 14:58:27
  • Major banks hit with biggest cyberattacks in history

    posted by Keito
    2012-09-29 16:57:00
    'There's a good chance your bank's website was attacked over the past week.

    Since Sept. 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence. Thursday's victim, PNC's website, was inaccessible at the time this article was published.

    Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks -- huge amounts of traffic directed at a website to make it crash -- were the largest ever recorded by a wide margin, according to two researchers.

    Banks get hit by cyberattackers all the time and typically have some of the best defenses against them. This time, they were outgunned.

    "The volume of traffic sent to these sites is frankly unprecedented," said Dmitri Alperovitch, co-founder of CrowdStrike, a security firm that has been investigating the attacks. "It's 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack."

    To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. That overwhelmed Bank of America and Chase's Web servers on Sept. 19, Wells Fargo and U.S. Bank on Wednesday and PNC on Thursday. Fred Solomon, a spokesman for PNC, confirmed that a high volume of traffic on Thursday was affecting users' ability to access the website, but he declined to go into more detail.

    Denial of service attacks are an effective but unsophisticated tool that doesn't involve any actual hacking. No data was stolen from the banks, and their transactional systems -- like their ATM networks -- remained unaffected. The aim of the attacks was simply to temporarily knock down the banks' public-facing websites.

    To get hold of all the servers necessary to launch such huge attacks, the organizers needed to plan for months, Alperovitch said. The servers had to be compromised and linked together into a network called a "botnet."

    That level of pre-planning is a deviation from the kinds of denial of service attacks launched at banks in the past by so-called "hacktivists." Typically, hacktivists use home PCs infected with malware to amass their botnets. Attacks on this scale would be impossible to carry out with home PCs -- users too frequently turn them off or disconnect them from the Internet.

    The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil", but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.

    Sen. Joe Lieberman, an Independent from Connecticut, said in a C-SPAN interview on Wednesday that he believed the attacks were launched by Iran.

    "I don't believe these were just hackers who were skilled enough to cause disruption of the websites," he said. "I think this was done by Iran ... and I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

    A call requesting comment from the Department of Homeland Security's cybersecurity office was not immediately returned.

    A cybersecurity firm following the attacks also expressed doubt about the connections between the Cyber Fighters and the bank attacks. On social networks and chat forums, the group urged its followers to use a mobile "low orbit ion cannon" -- a software tool typically used by Anonymous and other hacktivist groups to direct a massive flood of traffic at a targeted site.

    That tool was not used in the attack, according to Ronen Kenig, director of security products at network security firm Radware.

    "Supporters of this group didn't join in the attack at all, or they joined in but didn't use that tool," said Kenig. "The attack used a botnet instead." He doesn't think the Cyber Fighters would have access to a botnet as advanced as the one used by the attackers.

    But CrowdStrike's Alperovitch said he is "quite confident" the perpetrator was the Izz ad-Din al-Qassam Cyber Fighters, since they announced each attack well before it was carried out, and the attack wasn't that sophisticated -- it just took significant planning. PNC was the last target on the lists the Cyber Fighters have circulated, but more attacks could still be coming.

    Both researchers agree that the controversial anti-Muslim YouTube video was not the initial impetus for the attacks, as the Cyber Fighters claimed in messages recruiting volunteers to join in. Before the video was even released, the group claimed responsibility for similar attacks.

    "The video is simply an excuse," Alperovitch said. "It's a red herring."'


    http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/
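    As an added illustration, not code from the CNN article or from this blog, here is the kind of first-pass triage a defender runs over a web server's access log to tell a single-source flood from the distributed kind the researchers describe (one botnet of many compromised servers, each sending a moderate share of the traffic). The log lines are constructed, the threshold of 50 requests per second and the 50% single-source share are arbitrary, and the script counts requests per source IP; a real volumetric attack is usually measured upstream of the web server, at the network edge, but the per-second shape of the traffic is the same signal.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format, e.g.
#   192.0.2.1 - - [19/Sep/2012:14:00:01 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (ip, timestamp, request) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("req")


def requests_per_second(lines):
    """Bucket requests by whole second, counting hits per source IP in each bucket."""
    buckets = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than crash on them
        ip, ts, _ = parsed
        buckets[ts.replace(microsecond=0)][ip] += 1
    return buckets


def classify_floods(buckets, total_threshold, single_source_share=0.5):
    """Flag every second whose request count reaches total_threshold.

    If one IP accounts for at least single_source_share of the hits the burst is
    labelled 'single-source' (rate-limiting or blocking one address helps);
    otherwise 'distributed', the shape a botnet of many servers produces.
    """
    findings = []
    for second in sorted(buckets):
        counts = buckets[second]
        total = sum(counts.values())
        if total < total_threshold:
            continue
        top_ip, top_hits = counts.most_common(1)[0]
        kind = "single-source" if top_hits / total >= single_source_share else "distributed"
        findings.append({
            "second": second.isoformat(),
            "total": total,
            "sources": len(counts),
            "top_ip": top_ip,
            "kind": kind,
        })
    return findings


def make_sample_log():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    def line(ip, second):
        return (f'{ip} - - [19/Sep/2012:14:00:{second:02d} +0000] '
                f'"GET /online-banking HTTP/1.1" 200 512')

    lines = []
    # second 1: normal traffic, five clients
    lines += [line(f"192.0.2.{i}", 1) for i in range(1, 6)]
    # second 2: one address hammering the site
    lines += [line("203.0.113.7", 2) for _ in range(60)]
    # second 3: the same volume spread over sixty distinct addresses
    lines += [line(f"198.51.100.{i}", 3) for i in range(1, 61)]
    lines.append("not a log line")  # deliberately malformed, must be skipped
    return lines


if __name__ == "__main__":
    for finding in classify_floods(requests_per_second(make_sample_log()), total_threshold=50):
        print(finding)
```

    Run as-is it reports two bursts: second 2 as single-source from 203.0.113.7, second 3 as distributed across 60 addresses. Feeding it a real access log is a matter of replacing `make_sample_log()` with the file's lines.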
  • Computer virus hits second energy firm

    posted by Keito
    2012-09-02 16:33:08
    'Computer systems at energy firm RasGas have been taken offline by a computer virus only days after a similar attack on oil giant Aramco.

    The attacks come as security experts warn of efforts by malicious hackers to target the oil and energy industry.

    The attack forced the Qatar-based RasGas firm to shut down its website and email systems.

    RasGas, one of the world's largest producers of liquid petroleum gas, said production was not hit by the attack.

    The company said it spotted the "unknown virus" earlier this week and took desktop computers, email and web servers offline as it cleaned up.

    The report comes only days after Saudi Arabia's Aramco revealed it had completed a clean-up operation after a virus knocked out 30,000 of its computers. The cyber-assault on Aramco also only hit desktop computers rather than operational plant and machinery.

    Both attacks come in the wake of alerts issued by security firms about a virus called "Shamoon" or "Disstrack" that specifically targets companies in the oil and energy sectors.

    Unlike many other contemporary viruses Shamoon/Disstrack does not attempt to steal data but instead tries to delete it irrecoverably. The virus spreads around internal computer networks by exploiting shared hard drives.

    Neither RasGas nor Aramco has released details of which virus penetrated its networks.

    The vast majority of computer viruses are designed to help cyber-thieves steal credit card numbers, online bank account credentials and other valuable digital assets such as login names and passwords.

    However, an increasing number of viruses are customised to take aim at specific industries, nations or companies.

    The best known of these viruses is the Stuxnet worm which was written to disable equipment used in Iran's nuclear enrichment efforts.'

    http://www.bbc.co.uk/news/technology-19434920
  • Oil Producer Saudi Aramco Reveals Cyber Attack Hit 30,000 Workstations

    posted by Keito
    2012-08-29 20:53:43
    'Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August.

    Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks. Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks.

    “The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network,” Saudi Aramco said over Facebook.

    “We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” Saudi Aramco’s chief executive, Khalid al-Falih, said in a statement.

    However, one of Saudi Aramco’s websites which was taken offline after the attack - www.aramco.com - remained down yesterday. E-mails sent by Reuters to people within the company continued to bounce back.

    Supposed hacktivists have claimed the hit on the oil giant, saying they would hit the company again tomorrow. The group said it was “fed up of crimes and atrocities taking place in various countries around the world”, in a post on Pastebin. They said they were targeting the House of Saud, the ruling royal family of Saudi Arabia, and targeted Aramco as it was “the largest financial source for Al-Saud regime”.

    The group, calling itself the ‘Cutting Sword of Justice’, claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers achieving a 75 percent infection rate of all the company’s systems. It refuted suggestions that a nation state was behind the attack.

    Symantec, one of the world’s largest internet security companies, said on the day after the Saudi Aramco attack that it had discovered a new virus that was targeting at least one organisation in the global energy sector, although it did not name that organisation.

    “It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable,” Symantec said in a blog posting about the virus, which it called W32.Disttrack. “Threats with such destructive payloads are unusual and are not typical of targeted attacks.”

    Saudi Aramco’s al-Falih said in his statement yesterday: “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack.”'

    http://thehackernews.com/2012/08/saudi-aramco-oil-producers-30000.html
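    Both the BBC piece above and this one describe Disttrack as a wiper that overwrites the Master Boot Record to leave the machine unbootable. As an added example, not code from either article, from Symantec's write-up or from this blog, here is a small check a responder can run against the first sector of a suspect disk image to decide whether the MBR still looks usable. The two sample sectors are constructed; the "one repeated byte" heuristic is an assumption about what a crude overwrite leaves behind, not a signature of Disttrack, and a disk using GPT will fail the partition-table checks by design.

```python
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16


def read_boot_sector(path):
    """Read the first 512 bytes of a disk image or block device."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_partition_table(sector):
    """Decode the four 16-byte entries of a classic (non-GPT) MBR partition table."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + PART_ENTRY_SIZE * i
        entry = sector[off:off + PART_ENTRY_SIZE]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        entries.append({
            "status": entry[0],        # 0x80 bootable, 0x00 inactive
            "type": entry[4],          # partition type id, 0x00 = unused
            "lba_start": lba_start,
            "sectors": num_sectors,
        })
    return entries


def check_mbr(sector):
    """Return (ok, reasons).  ok is False when the sector no longer looks like a
    usable MBR, which is what an MBR-overwriting wiper leaves behind."""
    reasons = []
    if len(sector) != MBR_SIZE:
        return False, ["sector is not 512 bytes"]
    if sector[510:512] != BOOT_SIGNATURE:
        reasons.append("boot signature 0x55AA missing")
    # Assumption: legitimate boot code is never a single repeated byte value.
    if len(set(sector[:PART_TABLE_OFFSET])) == 1:
        reasons.append("boot code area is one repeated byte (likely wiped)")
    entries = parse_partition_table(sector)
    if all(e["type"] == 0 for e in entries):
        reasons.append("partition table has no entries")
    for n, e in enumerate(entries):
        if e["status"] not in (0x00, 0x80):
            reasons.append(f"entry {n}: invalid status byte 0x{e['status']:02x}")
        if e["type"] != 0 and e["sectors"] == 0:
            reasons.append(f"entry {n}: non-empty type but zero length")
    return (not reasons), reasons


def build_sample_mbr(valid=True):
    """Constructed sectors for testing; neither is taken from a real disk."""
    if not valid:
        # Models a wiper that replaced the whole sector with filler bytes.
        return b"\x41" * MBR_SIZE
    boot_code = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C])
    boot_code += b"\x00" * (PART_TABLE_OFFSET - len(boot_code))
    # One bootable NTFS partition (type 0x07) at LBA 2048, 204800 sectors long.
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    table = entry + b"\x00" * (3 * PART_ENTRY_SIZE)
    return boot_code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    for label, sector in (("intact", build_sample_mbr(True)),
                          ("wiped", build_sample_mbr(False))):
        ok, reasons = check_mbr(sector)
        print(label, "OK" if ok else "SUSPECT", reasons)
```

    Against a forensic image, `check_mbr(read_boot_sector("disk.img"))` gives a quick yes/no before any slower analysis; a machine whose MBR fails these checks but whose partitions are still intact further in can often have the sector rebuilt, whereas a wiper that also corrupted files, as Symantec describes, needs the data restored from backup.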
  • Ex-Lulzsec-Head Sabu Rewarded Six-Month Sentencing Delay

    posted by Keito
    2012-08-25 10:05:30
    '"Ex-Lulzsec-head and hacker Hector Xavier Monsegur a.k.a. Sabu has managed to get his court case delayed by six months – thanks to his cooperation with the US Federal authorities in getting other Lulzsec members behind bars. This news came to light after a court document appeared online, which was filed by the US Government as a request to the US district Attorney. The US Gov put forward an adjournment request "in light of the defendant's ongoing cooperation with the Government." The request has been accepted and now the case has been adjourned till 22 February, 2013."'

    http://yro.slashdot.org/story/12/08/24/0236246/ex-lulzsec-head-sabu-rewarded-six-month-sentencing-delay