On Sept 15, Malaysian police arrested Ardit Ferizi, 20, who is accused of hacking into a U.S.-based company (its name has not been released) and stealing the information of 1,300 U.S. military and government personnel. Reports have confirmed that Ferizi was in contact with senior ISIS leaders in Syria and sold this information to them. The stolen information consisted of home addresses, phone numbers, email addresses, passwords, and photos of these people. ISIS then posted the information on social media as a means to issue “commands” to ISIS members to attack. Ferizi is also believed to be the leader of a hacker group called “Kosova Hacker’s Security”; his alias in the hacking community is “Th3Dir3ctorY”.
Malaysian authorities and the FBI worked together, keeping each other informed of Ferizi’s actions. Malaysian authorities received information about Ferizi from the FBI and began monitoring him. Ferizi is currently in custody and is being held until U.S. authorities can extradite him to the States. Ferizi is being charged with identity theft, computer hacking, and possibly other charges. If charged, Ferizi could face up to 35 years in prison. The people to whom the information relates have been notified by the Pentagon about the leak.
Today Apple had what is quickly becoming known as its largest account theft due to malware. Palo Alto Networks and WeipTech came across a server that held over 225,000 valid user names and passwords that had been stolen via a new iOS malware family named KeyRaider.
The malware only affects users with jailbroken iOS devices and has struck users in 18 countries. According to Claud Xiao, “The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.”
KeyRaider also steals Apple’s push notifications and private keys, and shares the App Store’s purchasing information. These stolen credentials eventually allow users to make purchases for free using iOS jailbreak tweaks.
Devices have also been locked and held for ransom: the malware disables unlocking operations and demands a ransom without going through the Apple push servers.
According to Jonathan Sander (the Lieberman Software VP) and Tim Erlin (Tripwire’s Director of IT Security and Risk Strategy), jailbreaking your iPhone paints a target on your back, and in this case it was taken advantage of.
US banks are finally rolling out a new and more secure type of debit and credit card technology that should strengthen their security. Currently, cards use a magnetic strip that holds the card number and expiration date. This provides very little security: the card number is transmitted over the point of sale device, and the magnetic strip makes it easy to clone a credit card with stolen information. EMV “smart cards” (a joint effort of Europay, MasterCard, and Visa) have a built-in chip that replaces the functionality of the magnetic strip. However, the chip provides much more security because every time it is used, it generates a one-time transaction code that is cryptographically signed and transmitted. This means that if thieves are able to skim a point of sale terminal or hack into a retailer’s network, the codes they steal are worthless. This could have prevented much of the damage caused by breaches like Target, where millions of card numbers were stolen.
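To make the one-time code concrete, here is an added example (not from the original article) of a simplified model in which the issuer rejects a captured code that is presented again or attached to a different amount. It assumes HMAC-SHA256 and a per-card counter as stand-ins for the real EMV cryptogram; the class names, key and card number are constructed for illustration.

```python
import hmac, hashlib

# Simplified model only: real EMV cards compute an application cryptogram with
# issuer-derived symmetric keys; HMAC-SHA256 stands in for that MAC here.

class ChipCard:
    """Card holding a secret key that never leaves the chip (constructed values)."""
    def __init__(self, pan, key):
        self.pan, self._key, self.counter = pan, key, 0

    def authorize(self, amount_cents, terminal_nonce):
        # The counter advances on every use, so each code is one-time.
        self.counter += 1
        msg = f"{self.pan}|{amount_cents}|{terminal_nonce}|{self.counter}".encode()
        code = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        return {"pan": self.pan, "amount": amount_cents,
                "nonce": terminal_nonce, "counter": self.counter, "code": code}

class Issuer:
    """Bank side: shares the card key and remembers the last counter it accepted."""
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def enroll(self, card_pan, key):
        self._keys[card_pan] = key
        self._last_counter[card_pan] = 0

    def verify(self, txn):
        key = self._keys.get(txn["pan"])
        if key is None:
            return "unknown card"
        msg = f"{txn['pan']}|{txn['amount']}|{txn['nonce']}|{txn['counter']}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, txn["code"]):
            return "bad code"       # signature does not match the transaction data
        if txn["counter"] <= self._last_counter[txn["pan"]]:
            return "replay"         # code was already used once
        self._last_counter[txn["pan"]] = txn["counter"]
        return "approved"

def demo():
    key = b"constructed-demo-key"                       # constructed sample key
    card, bank = ChipCard("4000000000000002", key), Issuer()
    bank.enroll(card.pan, key)
    first = card.authorize(1999, "n-001")
    results = [bank.verify(first)]                      # genuine purchase
    results.append(bank.verify(dict(first)))            # same message seen again
    results.append(bank.verify({**first, "amount": 99999}))    # altered amount
    results.append(bank.verify(card.authorize(500, "n-002")))  # genuine next use
    return results
```

A magnetic strip, by contrast, presents the same static data on every swipe, so the issuer has nothing comparable to a counter or signature to check.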
These EMV cards are not exactly new technology: they have been available since the early 2000s, and most of the rest of the world has already adopted them as the gold standard. The rollout in the US has been very slow because of the great costs of issuing new cards and upgrading point of sale terminals at retail locations. However, with identity theft and credit card fraud at an all-time high, the credit card companies are pushing for the new, more secure technology. They are forcing retailers to transition to EMV chip and PIN terminals by setting a deadline of October 1st, 2015. After that, any company that accepts credit and debit card payments but doesn’t have chip and PIN readers in place could face increased liability and fines for fraudulent transactions incurred if card data is stolen from them.
Author: Charles Leavitt
Deep down in the depths of the hacking underground is software that is designed to help criminals, aka crimeware. This field of crimeware has a new player in town, called Antidetect. The program is designed to help someone who has stolen credit card information avoid detection. It works by allowing users to very quickly and easily change components of their system to avoid browser fingerprinting, including the browser type (Safari, IE, Chrome, etc.), version, language, user agent, Adobe Flash version, number and type of other plugins, as well as operating system settings such as OS and processor type, time zone and screen resolution. The ingenious wizard is Pavel V. Golub. This release should raise concern over card-not-present fraud, and needs to be handled.
After being hit by POS malware at fourteen of its managed hotels in the previous year, White Lodging Services experienced yet another data breach against point-of-sale systems at ten more hotels, which potentially exposed payment card data for an undisclosed number of customers. The POS systems in the restaurants and lounges of the hotels were affected from July 3, 2014, through February 6, 2015, in hotels in Colorado, Illinois, Indiana, Kentucky, Michigan, Pennsylvania and Texas.
The latest breach was initially discovered on Jan 27, 2015, when the company was informed of unusual activity on credit cards used at four different Marriott hotels it manages. This particular breach put names, payment card numbers, card security numbers and expiration dates at risk of exposure to those who are not authorized to access this data.
Upon learning of the suspected data breach, company officials immediately notified the U.S. Secret Service, contacted federal law enforcement officials and initiated a third-party forensic review. Through the investigation, they were able to detect malicious software on a number of point-of-sale terminals used at the food and beverage outlets of the hotel. This malicious software puts any credit/debit card data entered onto these devices at risk.
Although White Lodging Services has previously attempted to secure its data and networks, it is again taking this data breach seriously and taking whatever actions are needed to secure its data and ensure that its customers are safe. White Lodging Services is also offering one year of free fraud resolution and identity services to those affected, and is encouraging anyone who used a debit or credit card in the food and beverage outlets of the hotels to review their statements.