Category: News

Surprising New Palestine Charity Donors

If you follow the security and hacker world, you’ll know that there is a constant tit-for-tat battle going on across countries, religions and ideologies. One group will deface a certain web site, usually with badly spelt propaganda and ‘1337 speak’, then a few days later another group will retaliate with an attack on a different web site. There are lots of threats and tough talk, and it sometimes seems like there are literally thousands of these groups all over the world fighting their own cyber war.

The reality is that it’s been happening for so long it doesn’t really make much impact any more, unless it’s a really big commercial name. There’s another problem with this attack method, especially given the minimal impact – it usually takes much more effort than it’s worth. Of course there are literally thousands of ways to hack a web site – vulnerabilities in the code, the host, brute-forced passwords or pinched user credentials – the list is virtually endless.

However, it does take time, and can take an awful lot of effort, which is why it often looks like a complete waste of time. You spend days finding out a web site’s vulnerabilities and hack into it, replace it with your leet message – then take a couple of screenshots. What happens then? The owner changes all the passwords, closes the vulnerability and restores the original from backup, and it’s all back to normal. Unless you dash out and advertise the hack, it’s likely that not that many have even noticed, and those who do have seen it all before anyway. Of course if it’s a bank or a big commercial site then there is much more of an impact, and of course commercial implications – but those sites are likely to take much more effort and resources to hack into anyway.

Which is why I think this was a rather innovative angle by a group of pro-Palestinian (or perhaps just anti-Israeli) hackers called AnonGhost (not impressed with that name!). They’re involved in a cyber offensive against the Israelis, which sounds a bit more impressive than the reality, and have been for several years, in line with other Muslim extremist groups like ISIS. It all gets very messy here, as you have a ‘free speech’ hacker group like Anonymous working towards the same target alongside ISIS-sympathising hacking groups such as AnonGhost. Obviously supporting any ISIS-related group is kind of a backwards step toward promoting free speech and liberty.

Anyway, the point is that instead of just stealing a few user details and posting up a bit of tedious cyber graffiti which is overwritten half an hour later, they did something different. They stole lots of credit card details from an Israeli-based site and posted some of them online; the rest they used to make donations to a Palestinian children’s charity.

Well, that’s the story at least; there is a little bit of evidence to support it but not enough to be completely sure. The irony of course relies on these being stolen Israeli credit cards. Whether the payments were completed by the charity site, fundrazr, is also perhaps difficult to believe – especially after the facts were posted all over the web.

As usual, the attackers probably didn’t hide their tracks very well and, unless they used some very secure VPNs, like these, have probably now got loads of their details listed on databases compiled by various security agencies like GCHQ and the NSA. However, as a stunt, it was at least a little bit innovative.

Hacking Your Exam Grades

There’s a scene in the iconic 80s film Ferris Bueller’s Day Off where the hero logs into his school’s computer system and starts modifying his records. It’s a dream that’s probably passed through the thoughts of millions of young people over the years. If only I could just go and change a couple of those grades discreetly, no-one would ever know.

Unfortunately, as with nearly all ‘computer crimes’, committing one is much, much easier than getting away with it. The problem is that it’s very difficult to hide your tracks online; one tiny mistake and there’ll be lots of markers pointing your way.

This is exactly what happened to student Imran Uddin earlier this year. A bio-science student at the University of Birmingham, Imran decided that his projected 2:2 degree wasn’t quite good enough and tried to gain access to the University’s exam system to modify his grades slightly – changing the scores on five exams in order to boost his grades.

His attack involved installing keyloggers on a selection of the University’s computers in order to steal the passwords of staff who had access to the exam recording system.

These are little hardware devices, which you can pick up for a few dollars on the internet, that plug into the back of a computer and record every keystroke made on that keyboard. It’s the easiest way to steal usernames and passwords, as it operates at the hardware level and you don’t need to worry about encryption and security. Imran managed to grab a handful of staff accounts, including ones that were able to change the exam grades, where he duly modified his own.

Of course, the problem is that these devices have to be physically installed and can be identified if someone looks carefully enough. Which is what happened in this case: a technician performing an upgrade on some computers in the Bio-Science lab noticed the device. All the University computers were then checked and staff found several more, including one on the back of a computer in a staff-only area.

After that all roads led back to Mr Uddin, and when police checked his own computers they found a huge amount of incriminating evidence. There were eBay searches and purchases of the keylogging devices, evidence of a failed attempt to log in to the University marking system, plus loads of other forensic evidence incriminating him.

Which is mainly the problem with these computer crimes: although they’re pretty easy to commit, it’s very difficult to hide all this incriminating evidence when people start looking for it. There will be CCTV records of the keyloggers being installed, records of IP addresses and logins, and of course simply comparing backups of the exam system will reveal which grades were modified and when. You can route your connection through Russian or Australian proxies, but if you leave obvious clues elsewhere it won’t help you.

I once investigated a system where criminal records were accessed by someone who shouldn’t have had access. Looking at the logs of this system it took about ten minutes to find them – although there were hundreds of thousands of records, the culprit stood out like a sore thumb. While every legitimate user of the system logged in and performed searches using an account in this format – USR1077672356, one account was logged in as Jamie333 (details slightly modified!). It was the first account checked, and despite the individual being cunning (his name was not Jamie) it didn’t take long to find lots more evidence.
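The check described above, scanning an audit log for accounts that don’t fit the expected naming scheme and then listing what each odd account touched, is easy to automate. The following is an added example written for this page, not code from the investigation it describes; the log line format, the account scheme (USR followed by exactly ten digits), the record ids and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample audit log (not from the system in the post), one line per
# action in the assumed shape: "<timestamp> user=<account> action=<what> record=<id>".
# Line 9 is deliberately malformed to show that odd lines are reported, not dropped.
SAMPLE_LOG = """\
2015-03-02T09:14:05 user=USR1077672356 action=search record=R-4402
2015-03-02T09:14:31 user=USR1077672356 action=view record=R-4402
2015-03-02T09:20:12 user=USR1081120044 action=search record=R-9910
2015-03-02T11:02:50 user=Jamie333 action=search record=R-0071
2015-03-02T11:03:08 user=Jamie333 action=view record=R-0071
2015-03-02T11:03:45 user=Jamie333 action=view record=R-0072
2015-03-02T13:40:19 user=USR1099001233 action=search record=R-1200
2015-03-02T14:55:00 user=usr1099001233 action=search record=R-1201
2015-03-02T15:00:00 system=maintenance
"""

# Assumed naming scheme for legitimate accounts: "USR" plus exactly ten digits.
# The match is case-sensitive on purpose: a system that always emits "USR"
# should never log "usr", so a lowercase variant is itself worth a look.
EXPECTED_ACCOUNT = re.compile(r"^USR\d{10}$")
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) record=(?P<record>\S+)$"
)


def parse_log(text):
    """Return (events, malformed): parsed dicts for well-formed lines and
    (line_number, raw_text) for lines that do not fit the expected format."""
    events, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if m:
            events.append(m.groupdict())
        else:
            malformed.append((lineno, raw))
    return events, malformed


def find_nonconforming_accounts(events):
    """Map each account that breaks the naming scheme to its event count,
    busiest first, so the analyst knows which one to check first."""
    counts = Counter(e["user"] for e in events if not EXPECTED_ACCOUNT.match(e["user"]))
    return dict(counts.most_common())


def records_touched_by(events, account):
    """Sorted list of record ids a given account accessed; the natural next
    question once an account has been flagged."""
    return sorted({e["record"] for e in events if e["user"] == account})


if __name__ == "__main__":
    events, malformed = parse_log(SAMPLE_LOG)
    for lineno, raw in malformed:
        print(f"line {lineno} did not parse: {raw!r}")
    for account, n in find_nonconforming_accounts(events).items():
        print(f"{account}: {n} events, records {records_touched_by(events, account)}")
```

Run on the constructed log this flags Jamie333 (three events, two records) and the lowercase usr1099001233 (one event), and reports the malformed maintenance line separately rather than quietly skipping it. The same three-step shape, parse, flag what breaks the expected pattern, then pivot from the flagged account to what it touched, carries over to any log with a predictable account format.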

Mr Uddin was sentenced to six months and presumably lost his degree completely; he also faces the possibility of legal action from the University too. It’s impossible to know how many people actually get away with crimes like this, but one small mistake or piece of bad luck and it’s very simple to track the culprits down. I still kind of feel sorry for the guy, but there’s definitely a lesson to be learnt here!

May you Rot in Hell – Ask Toolbar

I don’t swear much, in fact there are only three things that are likely to make me swear at all. In no particular order – my teenage son, printers and the Ask Toolbar.

I try to avoid the first two whenever possible; however, I am forever plagued by the scourge that is the Ask Search toolbar. You’ve probably come across it too; in fact if you don’t stay constantly aware, the little bastard will certainly install itself on your computer at some point. In case you don’t know what I’m talking about, here’s a reminder and the origin of about 99% of the installs.

This screen, which most of us skip through in nanoseconds during the install of one of the 100 yearly Java updates, is where you’ll get caught. I know it’s there and it’s always getting me: you click on Next and in the corner of your eye you just catch a glimpse of ‘Add Search App by Ask.’, but it’s too late, your mouse has already registered your click and continues. You have just requested that one of the most pervasive and irritating pieces of adware be installed on your computer and have signed your agreement to whatever horrors are contained in the Ask.com Terms and Conditions.

There are hundreds of different versions of this vile search add-on, which produce a variety of annoying results. Depending on which version you have the misfortune to install, you’ll get your search results modified, adverts inserted into your browsing, your home page altered and you’ll be forced to use the Ask search engine. I hate it vehemently, and it is also a complete bugger to remove, as is usually the case.

Finally, though, the industry is beginning to act on the sort of hate that this toolbar generates. It’s only achieved any sort of legitimacy from piggybacking the Java install, and it’s probably done some severe damage to Oracle’s reputation. Now Microsoft has finally classed it as malware and its security products now remove the accursed toolbar. Well, to be more accurate, Microsoft have classified it as ‘unwanted software’, which is like classifying leprosy as an unwanted skin condition. I presume that’s to prevent legal wranglings and arguments over the definition of ‘malware’ – even though it is.

It’s not perfect: not all versions of the Ask toolbar are included, only the earlier advert-injecting ones, so you’ll still have to be on your guard. I presume it’s still in the Java Runtime installer, but fortunately I’ve cut down on my drinking and haven’t accidentally installed that for a while.


No Such Thing as a Free VPN – the Hola Price

First of all I’d like to ask, would anyone mind coming round to fix my back fence? It got wrecked in high winds and needs replacing. I won’t pay you or anything, you’ll just do it because you like helping people, reward enough right? I’m not expecting to get inundated with offers, but you never know, it saves paying someone to do it.

It’s why I get frustrated with everyone always asking me if I know of free proxies and VPNs, as if there are thousands of companies across the world who are happy to spend considerable time and money providing a service which you can use for free to watch porn or stream movies. I mean… why would they do it? What’s in it for them? Please, people, is this the way the world works? I think not.

There’s always a reason; these things cost money, and if you want to see an example of the hidden costs of using something like the adware-riddled monstrosity that is Hola then read on.

There are plenty of free services around, but none of them are really free. In return for using their servers you have to accept slow speeds, security risks and the fact that they are likely to try and make money out of you. The usual method is by filling your computer and browsing session with lots of adverts (which generate them income). It’s very annoying and personally I wouldn’t let it near any of my computers or devices, but you can at least argue it’s fairly straightforward. You use their connection for free and they make money by bombarding you with adverts – fair enough.

However, using a proxy or VPN is more than that: you are in fact handing over your entire online world to these providers and they can do pretty much anything with it. Take for instance the free VPN mentioned, Hola. Most of us just thought those adverts were the payback, but it appears there’s much more. They are actually hijacking your internet connection and pimping it out for cash via a service called Luminati.

Your Price to Pay for the Free VPN

Luminati is a paid anonymity service which runs along the lines of Tor; that is, it encrypts your connection then relays it through a network of exit nodes in order to hide your location. On its FAQ page, here are the first two bullet points –

  • All countries – Luminati is the only network that provides you with IPs in ALL countries in the world! (except N. Korea)
  • Real anonymity – the Exit Nodes in the Luminati network are regular PCs, laptops and phones, and thus are not identified as proxies or as Tor network nodes

Which is all fine and dandy, until you learn that these ‘real PCs’ are ours. Well, that is, the PCs of people who use Hola. You install Hola and you are potentially allowing your PC to be sold as an exit node; that is, anybody can use your connection to route their traffic to keep themselves anonymous.

Can you imagine what’s being relayed through the connections of these hapless Hola users? Your connection could be being used to relay all sorts of material.

That computer sitting in front of you could at this very minute be distributing porn around the planet, hacking into government servers or perhaps participating in a DDoS attack on a company.

It’s kind of a big price to pay for a free VPN, don’t you think?

So if you’ve made it down this far into the post, and you happen to be a Hola user, I’d suggest removing that Hola plugin very quickly (I’d actually reformat my drive; these things are notoriously difficult to remove!). Learn a lesson: stuff on the net that costs people money to run, develop and support is never ever going to be free.

I’m still amazed by the sheer greed of some of these people – here’s a link to the cracking summary and a Hola vulnerability checker and proof of concept code if you want to read more.

http://adios-hola.org/

GTA V Mods Infected with Malware

I’ve always thought that if you wanted to target a particular group of people to infect their computers and steal their login details, teenage boys who play video games would be an ideal choice. Of course there are drawbacks, in that few will probably have PayPal or online bank accounts, however that’s changing.

Take my eldest son for example, who fits quite neatly into this ‘game playing’ group and despite my protestations is always infecting his computer with something or other. His world focuses around computer games, so if something gives him the edge he’ll install it in a heartbeat without a second thought about what it is or where it comes from. A stern lecture on computer security and why it’s sensible not to install unknown programs which throw up security warnings will be forgotten minutes later.

Well, it seems they are being targeted, and the route is through ‘mods’ to popular games like Grand Theft Auto. These ‘mods’ are software which you can install onto a popular game to modify some aspect of it. It might be a different scenario, a change to the look and feel of the game, or some sort of cheat or upgrade added to the game itself. There’s a whole community of people developing this stuff, mostly for free.

It was in two mods of the GTA V game that some users first noticed that malicious code had been inserted onto their computers through the patches. The ‘Angry Planes’ mod spawned planes which attacked enemy players, and the ‘Noclip’ mod allowed players to walk through walls and other objects. One GTA player noticed that a C# compiler was running in the background when he played GTA V; it was running a program called FADE.exe, which is actually a keylogger. This is a program that sits and records all your keystrokes and then usually emails or uploads them to a remote server somewhere for someone to pick up. The mods were completely functional and did exactly as described, which of course is exactly what the best malware distribution systems do.

People tend to believe that if something works then it’s not infected with a virus, whereas that’s not usually the case. There are loads of examples of this, especially in the field I cover most, that of proxies and security. So it’s very likely that there are thousands of people running around GTA V whilst malware sits logging their every keystroke in the background. Most anti-virus software failed to pick up anything in these mods, so most will be completely unaware of this situation. So if you play, or know someone who plays, modded versions of GTA then it might be worth letting them know to check out their computers and change their passwords (after removing the keylogger, obviously!).