LinkedIn profiles spoofed by the British “NSA”

Looks like many other agencies are following suit of the NSA. GCHQ (Governmental Communication Headquarters) of Great Britain has apparently been hacking LinkedIn profiles of employees of all sorts in order to infiltrate corporate networks and access information. Particularly mobile communication, mobile billing and clearinghouse companies have been the focus here, so that international transactions could be tracked. Organizations such as Belgacom and Syniverse have been at the brunt of these attacks, according to reports by Der Spiegel.

Whistleblower Edward Snowden had initiated these revelations and apparently employees are now targeted for information without discrimination. Although spokesman for Syniverse insisted that there has not been any breaches by government agencies according to their talks with the article, it is not yet been disproved adequately. As explained in the article, the Quantum Insert Method has been used by the GCHQ. Basically the intelligence agency redirects traffic to and from target servers and with this, intercept communication and transactional information. This is also can be called the “man in the middle” attack, essentially being the third party in this intrusion.

By looking at the LinkedIn profiles of targeted companies and employees, the agency is able to gather information and can use it as a safe guard since its deemed as public information. IT personnel such as network administrations have been noted to be the main targets, since they have a major capability of information authority and access. Cookies are even collected where then viruses can be installed in payloads on those PCs that were attacked. The spoof factor comes in where basically fake accounts on LinkedIn are the ones containing malware, so when someone clicks to view that profile, it launches that malware onto the viewers computer.

It was interesting to note that the article pointed out how targeted attacks by cyber criminals and the GCHQ were similar, such as conducting spearphishing. When it comes hacking, there really is not “righteous” way of doing it seems like, as anyone regardless of their title can engage in it. The agency really did look at the NSA as a model and perhaps have been using similar technology as well. Of course, this does not seem ethical at all, as the redirection and capturing of information over the internet is done so without any awareness by organizations or internet users for that matter.

“Brit Spies Spoof LinkedIn Pages to Track Targets.” TechNewsWorld: All Tech. N.p., 11 Nov. 2013. Web. 21 Nov. 2013. <http://www.technewsworld.com/story/79403.html&gt;.

Advertisements

FTC Cracks down on Tech Support Scams

The FTC recently released a report which showed there were 6 companies based out of India targeting PC owners in the US, Canada, Ireland, and the UK. They were attempting to convince the PC users that they were infected with a virus and then cocericed to pay a fee for the scammers to remove the virus.

The scammers were charging anywhere from $50 to $450 for this “removal” of the virus. When those unfortunate enough to agree to this fee paid it, they were directed to a download for remote access software which allowed the Indian call center to install a free set of utilities and prove they have “removed” the (non-existent) virus.

There were 6 cases launched against 31 corporate and individual defendants in the US District Court for the Southern District of New York.

http://www.ftc.gov/opa/2012/10/pecon.shtm

Hackercare

“Flaw in Affordable Care Act site records hack attempts through its search box and re-presents code as auto-complete options”

     As everyone should already be knowledgeable about, Obamacare’s grand opening has been met with great failure. Not many people have signed up, doctors have lost their positions and now, it seems like some hacker(s) have taken out their anger by taking advantage of and exploiting weaknesses on the Healthcare.gov website. As stated in an article titled, Obamacare Hacked: Hackers Hit Healthcare.gov With 16 Attacks, Design DoS Tool Called ‘Destroy Obama Care’, “The Department of Homeland Security said Monday that Healthcare.gov has been hit by as many as 16 cyber attacks from hackers. Authorities have also spotted a tool available for download that’s designed to hit Healthcare.gov with a denial-of-service attack (DoS).”

     The attacks were made last week on the 8th and 9th and although they were not successful, it is a small representation of the emotions many Americans are feeling today towards the Affordable Health Care Act. The government has already put a hacker to test out the site, and 10 weaknesses were reportedly found. There was a believe a couple of months ago before the website was launched, that it would be attacked due to a new security system not being checked until a later date and because of lack of sufficient training for workers who have to handle sensitive information.

     The government should learn a thing or two from this event and should properly evaluate configurations next time it tries to implement a new program/website, otherwise; hackers would joyfully try to break through (heck they might try to break through if the system is good anyways).

Password-Protecting Apps

Most everyone uses passwords. Passwords are the access point, or at least part of it, for most profiles or accounts, inside which many users store private information. Therefore, it is of utmost importance that these crucial combinations of characters should not fall into the wrong hands, specifically hackers and those who would use an individual’s information against him or her. However, many people face two general issues when it comes to passwords. Those are remembering every single password to each account, which can vary in quantity based on one’s computer usage or abilities, and the threat of losing passwords if a mobile device is somehow lost. Luckily for mobile users, there are several mobile applications specifically dedicated to assisting users in their password management. Many find these applications useful because then they are not forced to memorize all of their passwords. They are as follows:

1. 1Password-This is the best-known password manager app. Utilizing a master password and encryption for all data within the app, 1Password is rather secure in mobile terms. It allows for users to organize their passwords and information using data categories. Included in this application is a secure browser, which enters passwords and credit card information for you in the appropriate places. Another feature is the strong password generator, which randomly produces a complex password. On iOS, this app is listed at $18, but there is a free, much simpler version available for Android.

2. LastPass-With simplicity in mind, LastPass creates an easily navigable program that secures a variety of a user’s personal information behind a master password. Contrary to 1Password, this application allows for one to secure certain snippets of text and media. Although LastPass is free, a $12 per year subscription is required to perform functions such as filling in information.

3. oneSafe– This application has clearer graphics than it’s rivals and is only priced at $6. Storing passwords and credit card information, as well as personal documents, oneSafe can secure many types of private information. If the user prefers, he or she can use a pattern swipe access code, as opposed to a master password. Another handy feature is the app’s ability to notify the user if any unauthorized attempt is made to access the account.

4. Keeper– This app, although similar to the others, contains one unique feature. Keeper provides users with the ability to share private information with a trusted individual.

5. Wolfram Password Generator Reference App-This application randomly generates tricky,long-character passwords, and even lets users know how long it will take to crack them. The Wolfram Password Generator Reference App is available only on iOS and is priced at $1.

 http://www.nytimes.com/2013/10/17/technology/personaltech/apps-to-protect-your-array-of-passwords.html?ref=computersecurity

$45 Million Stolen from a Cyber Heist

On November 18, 2013, six men were arrested and accused of being apart of an international hacking organization. The thieves were from the Dominican Republic and were charged with conspiracy to commit access device fraud. They all pleaded not guilty.

According to court records this group of hackers targeted prepaid debit cards from Rakbank, based in the United Arab Emirates, and Bank Muscat, based in Oman. The operation was executed by eliminating withdrawal limits from compromised accounts. Then teams of “cashiers” were sent to make simultaneous withdrawals from ATMs around the world. One operation had thousands of coordinated ATM transactions  in 24 countries. According to the prosecutors of this case, $40 million was stolen from that operation alone. The six men were apart of a New York cell of the organization and the stole from 140 ATMs and were able to achieve $3 million from their operation.

The men of this heist were arrested in Yonkers, New York and are currently in court. All have pleaded not guilty and the consequences are to be determined.

Sources: http://abcnews.go.com/Blotter/arrested-bags-cash-mass-cyber-heist/story?id=20925475