Hackers Breached Adobe Server in Order to Sign Their Malware
posted by Keito
2012-09-29 17:01:17
'The ongoing security saga involving digital certificates got a new and disturbing wrinkle on Thursday when software giant Adobe announced that attackers breached its code-signing system and used it to sign their malware with a valid digital certificate from Adobe.
Adobe said the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system.
Adobe said it was revoking the certificate and planned to issue new certificates for legitimate Adobe products that were also signed with the same certificate, wrote Brad Arkin, senior director of product security and privacy for Adobe, in a blog post.
“This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh,” Arkin wrote. “The revocation does not impact any other Adobe software for Macintosh or other platforms.”
The three affected applications are Adobe Muse, Adobe Story AIR applications, and Acrobat.com desktop services.
The company said it had good reason to believe the signed malware wasn’t a threat to the general population, and that the two malicious programs signed with the certificate are generally used for targeted, rather than broad-based, attacks.
Arkin identified the two pieces of malware signed with the Adobe certificate as “pwdump7 v7.1” and “myGeeksmail.dll.” He said that the company passed them on to anti-virus companies and other security firms so that they could write signatures to detect the malware and protect their customers, according to the post.
Adobe didn’t say when the breach occurred, but noted that it was re-issuing certificates for code that was signed with the compromised signing key after July 10, 2012. Also, a security advisory the company released with its announcement showed that the two malicious programs were signed on July 26 of this year. Adobe spokeswoman Liebke Lips told Wired that the company first learned of the issue when it received samples of the two malicious programs from an unnamed party on the evening of Sept. 12. The company then immediately began the process of deactivating and revoking the certificate.
The company said the certificate will be re-issued on Oct. 4, but didn’t explain why it would take that long.
Digital certificates are a core part of the trust that exists between software makers and their users. Software vendors sign their code with digital certificates so that computers recognize a program as legitimate code from a trusted source. An attacker who can sign their malware with a valid certificate can slip past protective barriers that prevent unsigned software from installing automatically on a machine.
Revoking the certificate should prevent the signed rogue code from installing without a warning.
Stuxnet, a sophisticated piece of malware that was designed to sabotage Iran’s nuclear program, was the first malicious code discovered in the wild to be using a valid digital certificate. In that case the attackers – believed to have been working for the U.S. and Israel – stole digital certificates from two companies in Taiwan to sign part of their code.
Adobe said that it stored its private keys for signing certificates in a hardware security module and had strict procedures in place for signing code. The intruders breached a build server that had access to the signing system and were able to sign their malicious programs in that way.
In addition to concerns about the compromised certificate, the breach of the build server raises concerns about the security of Adobe’s source code, which might have been accessible to the attackers. But Arkin wrote that the compromised build server had access to source code for only one Adobe product. The company did not identify the product but said that it was not the Flash Player, Adobe Reader, Shockwave Player or Adobe AIR. Arkin wrote that investigators found no evidence that the intruders had changed source code and that “there is no evidence to date that any source code was stolen.”
Questions about the security of Adobe’s source code came up earlier this month after Symantec released a report about a group of hackers who broke into servers belonging to Google and 33 other companies in 2010. The attackers were after source code for the companies. Adobe was hacked around the same time, but has never indicated if the same attackers that hit Google were responsible for hacking them.
Symantec found evidence that the attackers who struck Google had developed and used an unusually large number of zero-day exploits in subsequent attacks against other companies. The attackers used eight zero-day exploits, five of which were for Adobe’s Flash Player. Symantec said in its report that such a large number of zero-days suggested that the attackers might have gained access to Adobe’s source code. But Arkin insisted at the time that no Adobe software had been stolen.
“We are not aware of any evidence (direct or circumstantial) indicating bad guys have [source code],” he told Wired at the time.'
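The article explains that a revoked certificate should stop the rogue binaries from installing silently, and that Adobe re-issued only the certificates for code signed after July 10, 2012. The mechanism behind that cutoff is a revocation carrying an effective (invalidity) date combined with trusted timestamps on the signatures: a file countersigned by a timestamp authority before the date stays trusted, anything timestamped at or after it does not. The Python below is an added illustration of that trust decision; it is not Adobe's code, not Microsoft's verifier, and it does not claim to describe how Adobe's actual CRL was issued. Only the July 10 and July 26, 2012 dates and the two malware names come from the article; the serial number, validity period, publication date and sample file names are made up.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Cert:
    subject: str
    serial: str            # made-up serial, not Adobe's real certificate
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Signature:
    file_name: str
    cert: Cert
    chain_ok: bool                 # chains to a trusted root and the file hash matches
    timestamp: Optional[datetime]  # countersignature from a trusted timestamp authority, or None


@dataclass(frozen=True)
class Revocation:
    serial: str
    revoked_at: datetime                 # when the CA published the revocation
    invalidity_date: Optional[datetime]  # earliest moment the key is treated as compromised


def evaluate(sig: Signature, revocations: List[Revocation], now: datetime) -> Tuple[bool, str]:
    """Decide whether a signed file is still trusted.

    Authenticode-style rule: a trusted timestamp fixes the moment of signing, and a
    revocation with an invalidity date only voids signatures made at or after that date.
    """
    if not sig.chain_ok:
        return False, "signature or certificate chain does not verify"

    # Without a timestamp the certificate has to be valid now; with one it only
    # has to have been valid when the file was signed.
    signed_at = sig.timestamp or now
    if not (sig.cert.not_before <= signed_at <= sig.cert.not_after):
        return False, f"certificate not valid at {signed_at:%Y-%m-%d}"

    rev = next((r for r in revocations if r.serial == sig.cert.serial), None)
    if rev is None:
        return True, "certificate not revoked"

    cutoff = rev.invalidity_date or rev.revoked_at
    if sig.timestamp is None:
        # No proof of when it was signed, so it may have been signed after the compromise.
        return False, "certificate revoked and file carries no timestamp"
    if sig.timestamp < cutoff:
        return True, f"timestamped before the {cutoff:%Y-%m-%d} cutoff"
    return False, f"timestamped {sig.timestamp:%Y-%m-%d}, after the {cutoff:%Y-%m-%d} cutoff"


# Constructed sample data. Only the July 10 and July 26, 2012 dates come from the article.
ADOBE_CERT = Cert("Adobe Systems Incorporated (illustrative)", "0A1B2C",
                  utc(2010, 12, 15), utc(2013, 12, 14))

REVOCATIONS = [
    # revoked_at is a placeholder publication date; invalidity_date is the article's cutoff.
    Revocation(serial="0A1B2C", revoked_at=utc(2012, 10, 4), invalidity_date=utc(2012, 7, 10)),
]

SAMPLES: Dict[str, Signature] = {
    # Legitimate build, timestamped well before the cutoff: keeps working after revocation.
    "legit_spring_build.exe": Signature("legit_spring_build.exe", ADOBE_CERT, True, utc(2012, 3, 1)),
    # The two utilities named in the article, signed July 26 per the advisory: rejected.
    "pwdump7 v7.1": Signature("pwdump7 v7.1", ADOBE_CERT, True, utc(2012, 7, 26)),
    "myGeeksmail.dll": Signature("myGeeksmail.dll", ADOBE_CERT, True, utc(2012, 7, 26)),
    # Legitimate build signed after the cutoff: also rejected, which is why Adobe had to re-sign.
    "legit_july_build.exe": Signature("legit_july_build.exe", ADOBE_CERT, True, utc(2012, 7, 20)),
    # Legitimate but never timestamped: nothing proves it predates the compromise.
    "untimestamped.exe": Signature("untimestamped.exe", ADOBE_CERT, True, None),
    # Modified after signing: the hash no longer matches.
    "tampered.exe": Signature("tampered.exe", ADOBE_CERT, False, utc(2012, 3, 1)),
}


def verdicts(now: datetime = utc(2012, 10, 5)) -> Dict[str, Tuple[bool, str]]:
    return {name: evaluate(sig, REVOCATIONS, now) for name, sig in SAMPLES.items()}


if __name__ == "__main__":
    for name, (ok, why) in verdicts().items():
        print(f"{'TRUST ' if ok else 'REJECT'} {name}: {why}")
```

The cutoff only helps because the legitimate binaries carry countersignatures from a timestamp authority the verifier trusts; an attacker who controls the signing oracle but not a TSA cannot backdate a signature. It also shows why an HSM alone did not protect Adobe: the key never left the module, but a build host that could ask the module to sign was enough.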
FBI denies link to leak of 12 million Apple codes
posted by Keito
2012-09-06 19:57:13
Following on from the leaked Apple UDID codes earlier this week, the FBI has come out saying "We never had info in question. Bottom Line: TOTALLY FALSE"... Funny that! =) It couldn't possibly be that a 3 letter agency is lying to the public and gathering information about innocent civilians via any means at hand?... Could it?!
The BBC covers it as such:
'The FBI says there is "no evidence" that a hacker group gained access to 12 million identifying codes for Apple devices via an FBI agent's laptop.
AntiSec, a hacker group, posted a file on the internet on Monday that it said contained more than one million of Apple's so-called UDID codes.
UDIDs are a 40-character string unique to each Apple device.
AntiSec said it gained the codes from the laptop of an FBI agent called Christopher Stangl.
Mr Stangl works in the bureau's Regional Cyber Action Team, Wired Magazine reports.
AntiSec suggested that the 12 million codes were being used by the FBI to track the associated users.
Along with the posted file, the group said in a statement that it had only released one million IDs and had scrubbed identifying information, including full names, telephone numbers and addresses.
Commenting on the AntiSec revelation, the FBI said it had no indication of any link to its agent or computer.
"At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data," the bureau said in a statement on Tuesday.
Peter Kruse, an e-crime specialist with CSIS Security Group in Denmark, tweeted on Tuesday that the leak "is real" and that he confirmed three of his own devices in the data.
Johannes Ullrich of the SANS Internet Storm Center told the AFP that while "there is nothing else in the file that would implicate the FBI... it is not clear who would have a file like this".
Hackers identifying themselves with AntiSec have made previous hits this year on the websites of Panda Labs' anti-malware products and New York Ironwork - a company that sells equipment to US police.'
For those who want to take a look at the source of this leak, check it out here. It reads as follows...
"Now I know what a ghost is. Unfinished business, that's what."
― Salman Rushdie, The Satanic Verses
we share ideas sometimes through the voice of twitter.com/@AnonymousIRC
so then there is where to look for news.
So well, some of you know what we were at during these last long weeks, and
probably less people know we were also testing new stuff and shits for our next
so, whatever. Happy to bring this Special #FFF Edition to you (so special that's
even not on friday), again for the utterly lulz.
we have written our very honest statement here, ofc it was intended for those
who are truly interested in reading it, for those fellows who dont give a fuck
about ideology and who are just lurking for the candy, skip it and jump
directly to the candy and lulzy part titled: Candy and Lulzy part. we hope you
find it useful as well as funny. and for those who dont care about the whole
fucking shit... wtf r u doing here?? go and download a movie.
so here we go...
just a comment: we are still waiting for published news about the
$ 2 billions worth loans Assad has taken from Russia,
mentioned on the syrian mails
and also about the transfer of money to austrian banks etc....
and also cocks...
So, don't be lazy journos and look for them.
a few words.
"For when all else is done, only words remain. Words endure."
In July 2012 NSA's General Keith Alexander (alias the Bilderberg Biddy) spoke
at Defcon, the hacker conference in Las Vegas, wearing jeans and a cool EFF
t-shirt (LOL. Wtf was that?). He was trying to seduce hackers into improving
Internet security and colonoscopy systems, and to recruit them, ofc, for his
future cyberwars. It was an amusing hypocritical attempt made by the system to
flatter hackers into becoming tools for the state, while his so-righteous
employer hunts any who doesn't bow to them like fucking dogs.
We got the message.
We decided we'd help out Internet security by auditing FBI first. We all know
by now they make Internet insecure on purpose to help their bottom line. But
it's a shitty job, especially since they decided to hunt us down and jail our
It's the old double standard that has been around since the 80's. Govt Agencies
are obsessed with witchhunts against hackers worldwide, whilst they also
recruit hackers to carry out their own political agendas.
You are forbidden to outsmart the system, to defy it, to work around it. In
short, while you may hack for the status quo, you are forbidden to hack the
status quo. Just do what you're told. Don't worry about dirty geopolitical
games, that's business for the elite. They're the ones that give dancing orders
to our favorite general, Keith, while he happily puts on a ballet tutu. Just
dance along, hackers. Otherwise... well...
In 1989 hagbard (23yrs old) was murdered after being involved into cold war spy
games related to KGB and US. Tron, another hacker, was
murdered in 1998 (aged 26) after messing around with a myriad of cryptographic
stuff (yeah, it's usually a hot item) and after making cryptophon easily
accessible for the masses. And then you have Gareth Williams (31), the GCHQ
hacker murdered and "bagged" inside a MI6's "safe" house (we'd hate to see what
the unsafe ones look like) in August of 2010 after talking about being curious
about leaking something to Wikileaks with fellow hackers on irc. And the list
goes on. It's easy to cover up when they want to, hackers often have complex
personalities, so faking their suicide fits well.
You are welcome to hack what the system wants you to hack. If not, you will be
Jeremy Hammond faces the rest of his productive life in prison for being an
ideological motivated political dissident. He was twice jailed for following
his own beliefs. He worked until the end to uncover corruption and the
connivance between the state and big corporations. He denounces the abuses and
bribes of the US prison system, and he's again facing that abuse and torture at
the hands of authorities.
Last year, Bradley Manning was tortured after allegedly giving WikiLeaks
confidential data belonging to US govt... oh shit. The world shouldn't know how
some soldiers enjoy killing people and even less when they kill journalists. Of
course, the common housewife doesn't deserve to know the truth about the
hypocrisy in the international diplomacy or how world dictators spend money in
luxury whilst their own people starve. Yep, the truth belongs only to the
elite, and if you are not part of them (forget it, that won't happen), fuck
People are frustrated, they feel the system manipulating them more than ever.
Never underestimate the power of frustrated people.
For the last few years we have broken into systems belonging to Governments and
Big corporations just to find out they are spending millions of tax dollars to
spy on their citizens. They work to discredit dissenting voices. They pay their
friends for overpriced and insecure networks and services.
We showed how former govt and military officials were making new businesses
using their government relationships.
They funnel public money to their own interests for overpriced contracts for
crap level services. They use those
relationships to extra-officially resolve affairs involving their businesses.
We exposed a criminal System eliminating those who think different;
criminalizing them. This System won't tolerate those who dig for the truth, it
can't. So no one has the right to question anything coming from this system. if
you buy a piece of hardware or software you just need to use it as it was
supposed to be used: anything else is forbidden.
No tinkering allowed.
If you buy a Playstation, you are not allowed to use it as you want to -- you
can only use it the way Sony wants you to. If you have found a way to improve
something, just shut up. You are not allowed to share this info with anyone
else and let them make improvements, too. We are not the real owners of
anything anymore. We just borrow things from the System. Shiny, colorful
things, we agree to play with for a fee. A fee for life.
Because this system works only if you keep working to buy new things.
Not important if they are good things, just buy new crap, even better like that.
So everything gets outdated soon.
Your home, stuff, car and computer, you will pay for everything you have for all
of your life. All the time: a monthly fee, forever until you die. That's the
future; nothing is really yours. LAAS - Life As A Service.
You will rent your life.
And better hurry up and work all day if you want to stay alive. Work 'til
you're exhausted and don't think. No -- thinking is bad. Play games instead, do
drugs too, why not? Or go to the movies. The Entertainment Industry is here to
resolve all your philosophical and transcendental problems. Shiny colorful crap.
but please don't think too much.
Thinking is dangerous.
Accept the offer, it's the perfect deal.
You get all those amazing shiny colorful beads.
It will only cost you freedom...and your life.
Indians did it with Manhattan.
There's nothing to worry about it, is there?
And what if you are a lone wolf who quietly outside the system, doing your own
thing, without saying a word? They will be mad as hell. They will try to find
you. You will be fucked up anyway, sooner or later. Because the system wants
you clearly identified, with all your personal details well packed into a
government database so it can make its watchdogs' lives easier.
Security researchers are often questioned and their movements tracked by Secret
Service, FBI and other shits. They are asked about their projects, who their
clients are, who they are talking to, what they know about other hackers, etc..
So be a good monkey, follow the rules, head down and you'll get some coins
that let you keep renting your life.
But hey! Wait...
We are hackers...
We are supposed to look beyond the rules, to find things others don't see. And
THE SYSTEM, yeah the whole fucking system, it's just another system.
...and we do that.
we hack systems.
This is our next challenge: to decide whether to become tools for the system,
or for ourselves. The system plans to use us to hold the next in their endless
wars, their cyberwars.
Hackers vs. hackers, slaves vs slaves.
We are trapped.
Jack Henry Abbott, a writer who was incarcerated almost his whole life for his
crimes, wrote before hanging himself: "As long as I am nothing but a ghost of
the civil dead, I can do nothing…", the 'civil dead' are those, like himself,
who had their autonomy systematically destroyed by the state. Now his words
extend to cover all of us. We have seen our own autonomy being systematically
destroyed by the State. We are becoming ghosts of our dead civil rights.
So yes we are criminals, we are the criminals our dear system has created:
Argumentum ad Baculum
In a world where you fear the words you use to express yourself. Where you are
punished for choosing the wrong ones, we have just decided to follow our own
way. There's no worse kind of slavery than one where you are afraid of your own
Governments around the globe are already in control of us in real life, and
they have now declared war on the people to take over the Internet.
It's happening now. It's not waiting for you to wake up.
So now my dear friends, it's your turn to decide where you belong,
and what you are made of.
"When the people fear the government there is tyranny, when the government
fears the people there is liberty."
― Thomas Jefferson
CANDY! CANDY! CANDY!...............candy.
HOW TO GET THE CANDY ONCE YOU HAVE DOWNLOADED THE FILE
first check the file MD5:
(lol yes, a "1337" there for the lulz, God is in the detail)
then decrypt the file using openssl:
openssl aes-256-cbc -d -a -in file.txt -out decryptedfile.tar.gz
tar -xvzf decryptedfile.tar.gz
and then check file integrity using the MD5 included in the password u used to
^ yeah that one.
if everything looks fine
then perhaps it is.
there you have. 1,000,001 Apple Devices UDIDs linking to their users and their
the original file contained around 12,000,000 devices. we decided a million would be
enough to release.
we trimmed out other personal data as, full names, cell numbers, addresses,
not all devices have the same amount of personal data linked. some devices
contained lot of info.
others no more than zipcodes or almost anything. we left those main columns we
consider enough to help a significant amount of users to look if their devices
are listed there or not. the DevTokens are included for those mobile hackers
who could figure out some use from the dataset.
file contains details to identify Apple devices.
Apple Device UDID, Apple Push Notification Service DevToken, Device Name,
We never liked the concept of UDIDs since the beginning indeed.
Really bad decision from Apple.
so the big question:
why exposing this personal data?
well we have learnt it seems quite clear nobody pays attention if you just come
and say 'hey, FBI is using your device details and info and who the fuck knows
what the hell are they experimenting with that', well sorry, but nobody will care.
FBI will, as usual, deny or ignore this uncomfortable thingie and everybody will
forget the whole thing at amazing speed. so next option, we could have released
mail and a very small extract of the data. some people would eventually pick up
the issue but well, lets be honest, that will be ephemeral too.
So without even being sure if the current choice will guarantee that people
will pay attention to this fucking shouted
'FUCKING FBI IS USING YOUR DEVICE INFO FOR A TRACKING PEOPLE PROJECT OR SOME
SHIT' well at least it seems our best bet, and even in this
case we will probably see their damage control teams going hard lobbying media
with bullshits to discredit this, but well, whatever, at least we tried and
eventually, looking at the massive number of devices concerned, someone should
care about it. Also we think it's the right moment to release this knowing that
Apple is looking for alternatives for those UDID currently and since a while
blocked axx to it, but well, in this case it's too late for those concerned
owners on the list. we always thought it was a really bad idea. that hardware
coded IDs for devices concept should be eradicated from any device on the
market in the future.
so now candy was delivered.
few words, and just a few, about how the shit came. we don't like too much
about disclosing this part, we understood it would be needed, so, fuck
whatever. lost asset. Hope it serves for something.
During the second week of March 2012, a Dell Vostro notebook, used by
Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action
Team and New York FBI Office Evidence Response Team was breached using the
AtomicReferenceArray vulnerability on Java, during the shell session some files
were downloaded from his Desktop folder one of them with the name of
"NCFTA_iOS_devices_intel.csv" turned out to be a list of 12,367,232 Apple iOS
devices including Unique Device Identifiers (UDID), user names, name of device,
type of device, Apple Push Notification Service tokens, zipcodes, cellphone
numbers, addresses, etc. the personal details fields referring to people
appear many times empty, leaving the whole list incomplete in many parts. no
other file on the same folder makes mention about this list or its purpose.
to journalists: no more interviews to anyone till Adrian Chen get featured in
the front page of Gawker, a whole day, with a huge picture of him wearing a
ballet tutu and a shoe on his head, no photoshop. yeah, man. like Keith
Alexander. go, go, go.
(and there you ll get your desired pageviews number too) Until that happens,
this whole statement will be the only thing getting out
directly from us. So no tutu, no sources.
Our support to Wikileaks and Julian Assange.
respect to Tunisian and Egyptian people, keep the good fight. Dont accept new
oppressors in the place of the old ones.
To Syrian rebels: If Assad wins he will exterminate all of you till the very
last one, so better go and kill the motherfucker and his
bunch of suckers for once.
Support to Pussy Riot: Hang in there, babes! Resistance forever.
we r sorry mike about what happened to you and princess.
we didnt want to bring you in troubles with the feds
and we ve heard about the reasons leading you to have spoken out to them,
it's sad you ve just hanged around couple of weeks with us
(we vaguely understood u felt misplaced),
but looking back to some events, at the end, it was also a good choice for
hope u finish understanding it's not about the things we think we have seen.
its always about those things we dont see.
theres always another behind behind the behind.
Greetings to all other groups struggling on their daily fight.
Remember that fights between us it's what our adversaries are looking for.
Now this is your time.
"This is the highest wisdom that I own; freedom and life are earned by those
alone who conquer them each day anew."
LulzSec, AntiSec, LulzXmas series, ALL YOUR BASE ARE BELONG TO US,
MegaCockLulzFestival, "I'm 12 and wat iz diz?", CIA Tango Down,
#FuckFBIFriday, #StratforHasTheButtInFlames, #BlueHairedAaronBarr,
#WestboroChurchLovesEatingCocks, White Hats Can't Jump, "Keith Alexander
wearing an exuberant ballet tutu" image and others are all trademarks of
Anonymous Inc. and well...all the people in general...
But Romney, tell him, he can lick my arse!
Disclaimer: We like beer and the use of manipulated bacterial DNA to transmit
well that's all now we can move on and go to sleep.
Computer virus hits second energy firm
posted by Keito
2012-09-02 16:33:08
'Computer systems at energy firm RasGas have been taken offline by a computer virus only days after a similar attack on oil giant Aramco.
The attacks come as security experts warn of efforts by malicious hackers to target the oil and energy industry.
The attack forced the Qatar-based RasGas firm to shut down its website and email systems.
RasGas, one of the world's largest producers of liquid petroleum gas, said production was not hit by the attack.
The company said it spotted the "unknown virus" earlier this week and took desktop computers, email and web servers offline as it cleaned up.
The report comes only days after Saudi Arabia's Aramco revealed it had completed a clean-up operation after a virus knocked out 30,000 of its computers. The cyber-assault on Aramco also only hit desktop computers rather than operational plant and machinery.
Both attacks come in the wake of alerts issued by security firms about a virus called "Shamoon" or "Disstrack" that specifically targets companies in the oil and energy sectors.
Unlike many other contemporary viruses Shamoon/Disstrack does not attempt to steal data but instead tries to delete it irrecoverably. The virus spreads around internal computer networks by exploiting shared hard drives.
Neither RasGas nor Aramco has released details of which virus penetrated its networks.
The vast majority of computer viruses are designed to help cyber-thieves steal credit card numbers, online bank account credentials and other valuable digital assets such as login names and passwords.
However, an increasing number of viruses are customised to take aim at specific industries, nations or companies.
The best known of these viruses is the Stuxnet worm which was written to disable equipment used in Iran's nuclear enrichment efforts.'
RAP NEWS X: #Occupy2012 (feat. Anonymous & Noam Chomsky)
posted by Keito
Oil Producer Saudi Aramco Reveals Cyber Attack Hit 30,000 Workstations
posted by Keito
2012-08-29 20:53:43
'Saudi Aramco, the world's biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations in mid-August.
Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks. Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks.
“The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network,” Saudi Aramco said over Facebook.
“We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” Saudi Aramco’s chief executive, Khalid al-Falih, said in a statement.
However, one of Saudi Aramco’s websites which was taken offline after the attack - www.aramco.com - remained down yesterday. E-mails sent by Reuters to people within the company continued to bounce back.
Supposed hacktivists have claimed the hit on the oil giant, saying they would hit the company again tomorrow. The group said it was “fed up of crimes and atrocities taking place in various countries around the world”, in a post on Pastebin. They said they were targeting the House of Saud, the ruling royal family of Saudi Arabia, and targeted Aramco as it was “the largest financial source for Al-Saud regime”.
The group, calling itself the ‘Cutting Sword of Justice’, claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers achieving a 75 percent infection rate of all the company’s systems. It refuted suggestions that a nation state was behind the attack.
Symantec, one of the world’s largest internet security companies, said on the day after the Saudi Aramco attack that it had discovered a new virus that was targeting at least one organisation in the global energy sector, although it did not name that organisation.
“It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable,” Symantec said in a blog posting about the virus, which it called W32.Disttrack. “Threats with such destructive payloads are unusual and are not typical of targeted attacks.”
Saudi Aramco’s al-Falih said in his statement yesterday: “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber attack.”'
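Both the RasGas report above (a virus that deletes data irrecoverably) and the Symantec quote in this post (a payload that overwrites the Master Boot Record to render the machine unusable) describe the same class of damage. When a wiper hits sector 0, the first thing a responder does with a disk image is look at that sector. The Python below is an added example, not code from either article, from Symantec, or from the affected companies: it parses a raw 512-byte MBR into its bootstrap area, four partition entries and 0x55AA signature, and classifies the sector as intact, suspect or destroyed. The MBR layout is the standard one; the sample partitions and the wiped sectors are constructed here, and nothing in it is a signature for Shamoon/Disttrack itself, for which the page gives no indicators.

```python
import struct
from typing import Dict, List, Tuple

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of a bootable MBR
PARTITION_TABLE_OFFSET = 446          # four 16-byte entries follow the bootstrap code
KNOWN_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
               0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective"}


def read_mbr(image_path: str) -> bytes:
    """Read sector 0 from a raw disk image (or a block device, given permissions)."""
    with open(image_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> Dict:
    """Split a 512-byte MBR into bootstrap code, partition entries and boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[Dict] = []
    for slot in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * slot
        # status(1) CHS first(3) type(1) CHS last(3) LBA start(4) sector count(4), little-endian
        status, _chs_first, ptype, _chs_last, lba_start, sector_count = struct.unpack_from(
            "<B3sB3sII", sector, offset)
        if ptype == 0 and lba_start == 0 and sector_count == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "bootable": status == 0x80, "type": ptype,
                           "type_name": KNOWN_TYPES.get(ptype, "unknown"),
                           "lba_start": lba_start, "sector_count": sector_count})
    return {"signature_ok": sector[510:512] == BOOT_SIGNATURE,
            "bootcode_all_zero": not any(sector[:PARTITION_TABLE_OFFSET]),
            "partitions": partitions}


def assess_mbr(sector: bytes) -> Tuple[str, List[str]]:
    """Return ('intact' | 'suspect' | 'destroyed', findings) for a raw MBR sector."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing: firmware will not boot this disk")
    if info["bootcode_all_zero"]:
        findings.append("bootstrap code area is all zeros")
    if not info["partitions"]:
        findings.append("partition table is empty")
    if sum(p["bootable"] for p in info["partitions"]) > 1:
        findings.append("more than one partition flagged bootable")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for p in ordered:
        if p["type_name"] == "unknown":
            findings.append(f"slot {p['slot']}: unrecognised partition type 0x{p['type']:02x}")
        if p["sector_count"] == 0 or p["lba_start"] == 0:
            findings.append(f"slot {p['slot']}: zero-length or zero-offset partition")
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sector_count"] > b["lba_start"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    # No signature or no partitions means the sector cannot be booted or used to find data.
    if not info["signature_ok"] or not info["partitions"]:
        return "destroyed", findings
    return ("suspect" if findings else "intact"), findings


def make_sample_mbr() -> bytes:
    """Constructed healthy MBR: a few real-looking bootstrap bytes, NTFS system partition, Linux partition."""
    bootcode = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb".ljust(PARTITION_TABLE_OFFSET, b"\x90")
    entries = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 409_600)
    entries += struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x83, b"\xfe\xff\xff", 411_648, 1_000_000)
    return bootcode + entries.ljust(64, b"\x00") + BOOT_SIGNATURE


def make_wiped_mbr(filler: bytes = b"\x00") -> bytes:
    """Constructed MBR after a wiper overwrote sector 0 with a repeated filler byte."""
    return (filler * SECTOR_SIZE)[:SECTOR_SIZE]


if __name__ == "__main__":
    for label, sector in (("healthy", make_sample_mbr()),
                          ("zeroed", make_wiped_mbr()),
                          ("garbage", make_wiped_mbr(b"\x41"))):
        verdict, notes = assess_mbr(sector)
        print(f"{label}: {verdict}", *notes, sep="\n  ")
```

Run `assess_mbr(read_mbr("disk.img"))` against an image taken before any repair attempt. A "destroyed" verdict tells you the firmware will never reach a boot loader, but the partition table is only 64 bytes: if the wiper stopped at sector 0, the file systems behind it may still be recoverable by scanning for their own superblocks, so the verdict is about bootability, not about data loss.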