Largest Hack of 2016 (so far)

In the past few weeks, FriendFinder Networks has had a number of major data breaches that resulted in over 412 million user accounts exposed.

FriendFinder Networks owns AdultFriendFinder, Cams.com, Penthouse, Stripshow and iCams.com all which suffered breaches but AdultFriendFinder suffered the worst with over 300 million accounts leaked. 

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Diana Ballou, FriendFinder vice president and senior counsel, told ZDNet which is a sister site of cnet.com. “While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

The breach was a result of a local file inclusion exploit according to LeakedSource who also said the exposed information was not going to be made publicly available. Also according to LeakedSource FriendFinder used a number of bad security practices such as passwords stored in plaintext or hashed using SHA1 which is notoriously easy to crack. They also still had account information for deleted user accounts and sites they no longer ran such as Penthouse.com which is now owned by Penthouse Global Media.

This is the second time the AdultFriendFinder site has been hacked in two years with the last leaking 3.5 million account in May of 2015 according to LeakedSource.

-Robert Arnold

Sources:

https://www.cnet.com/au/news/hack-reportedly-exposes-412m-friendfinder-networks-accounts-adult-dating-swinger/

FriendFinder Networks hack reportedly exposed over 412 million accounts

Canadian Point of Sale company data breech

     The point of sale company Lightspeed has suffered a data breech, the email above was posted on twitter by Australian security expert Troy Hunt which was sent by Lightspeed to its customers. The hackers had gained access to systems related to its retail offering. Lightspeed confirmed the attackers accessed a central database containing information on sales, products, and customers. The database included encrypted passwords, electronic signatures, and API keys. Eventhough the database was accessed by hackers Lightspeed said there was no evidence that information was stolen.

      The company said that passwords created after January of 2015 where the safest having been stored with advanced encryption technology. They also said that the system that the hackers had accessed did not hold any private information such as credit card numbers. The company has informed customers that a third party security firm had been hired to investigate and that it’s systems should be only accessible by authorized users.

http://www.securityweek.com/pos-vendor-lightspeed-suffers-data-breach

  • Gavin Millikan

South Korea training students to hack for the military

an-instructor-points-to-a-line-of-code-in-the-programming-language-java-displayed-on-a-projection-screen-during-a-cyber-defense-programming-class-in-the-war-room-at-korea-university-in-seoul-south-korea-last-week

In an effort to boost it’s defenses, South Korea has enlisted 120 of it’s most talented programmers, offering full scholarships for 7 years of military service. Korea University’s national cyber-defense department will produce it’s first batch of graduates next year.

This program is just a part of a broader build-up though. South Korea is increasing the size of it’s cyber command to 1,000 people and increased information security spending by almost %50 between 2009 and 2015.

Unfortunately though, the South is racing to catch up. North Korea started training it’s hackers in the early 90’s and, according to the chief of S.K.’s defense security command, has 1,700 highly skilled and specialized hackers. He also called North Korea a ‘global cyber power.’

The South has been playing catch up for awhile actually, it wasn’t until a ‘suspected’ North Korean attack in 2009, that paralyzed a large number of government websites, that the South set up a cyber-defense command. In 2013 North Korean hackers attacked South broadcasters and banks. An estimated 32,000 computer servers were paralyzed, and the country lost an estimated 750 million dollars in economic damage.

Luckily South Korea seems to be training some excellent talent in their national cyber-defense department. This is shown by their students winning the ‘Hackers World Cup’ this year in August at Defcon in Las Vegas.

 

Robert Levasseur

http://www.arkansasonline.com/news/2015/nov/30/young-programmers-in-s-korea-groomed-to/?f=business

The Implications of the Paris Attacks in Respect to Consumer Encrypted Communication Services

It is highly probable that the effects of the recent Paris attacks will be seen throughout all aspects of cyber-security and privacy. In particular it is rather interesting to consider the effects in regards to consumer encrypted messaging services. It is often the case that there is change in security policy and measures that commensurate with a terror attack. Therefore it is reasonable and practical to envisage western governments to express interest and attention in encrypted messaging services.

On the market today there is a significant amount services that offer the consumer end to end encryption. Examples of such services are: What’s App, Silent Circle, and Wickr. What end to end encryption is, in respect to communications, is the ability for users to communicate to both end completely encrypted. The result of this technology is that the only users able to read and interpret data are either the sender or the receiver. The implications of this is that there is no method of which any organization has the ability to read and interpret the communications being sent, even the company hosting the service.

In the wake of these attacks, there will be a greater desire of law enforcement agencies of the western civilizations to have access to intercept these messages. Senator Dianne Feinstein from California is calling for a “back door” into these services, stating that it is a problem that these services can “create a product that allows evil monsters to communicate in this way.” It his highly reasonable to extrapolate that this is only the start of a conversation on consumer encrypted communication services.

These government agencies are calling for these “back doors” in the wake of these attacks because it allows terrorists to communicate and coordinate with the messages being completely encrypted. An organization named Middle East Media Research Institute has released a report stating that a significant number of radical groups are using these services to communicate. However it is important to review these reports with caution, because the institute who released these reports are a not for profit political organization located in Washington.  In addition it is dubious how the information was found, because according to the mechanics of end to end encryption this information is impossible to recover. However regardless of the verisimilitude of these reports, it is important to acknowledge the potential implications of these technologies.

In final it is significantly important to consider the technical implications of creating this “back door”. Creating this back door also creating an additional set of probable problems in regards to this topic. Nickolas Weaver, a senior researcher at the International Computer Science Institute, stated “You cannot hack a back door that lets only the good guys in… If you add one, it becomes usable by Chinese intelligence, Russian intelligence, and criminals.” Therefore if following these calls for an intercept-able encrypted messaging, would also ruin the purpose of using these services for communications.

In conclusion the future of consumer encrypted messaging services is uncertain in the wake of these attacks. The conversation in regards to public safety, in respect to these service is just beginning. It is also important to consider the technical consequences of creating a “back door.” The Paris attacks will a have a wide-reaching effect in the realm of information security, consumer encrypted messaging is only one of the many aspects that may be altered in the wake of these attacks.

Michael Henry Boc

 

http://www.nbcnews.com/storyline/paris-terror-attacks/paris-attack-could-renew-debate-over-encrypted-messaging-apps-n464276

http://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/

http://www.memri.org/

 

Visa Exploitation Gang Exposed!!!

FireEye dubbed gang name, FIN5, has been causing headaches by obtaining valid user credentials to exploit their targets.  They created their own malware dubbed RawPOS used to target point of sale machines.  In existence since 2008, FIN5, used target organizations Remote Desktop Protocols, Virtual Private Networks, Citrix, or VNC to gain access to their targets.  All of these things deal with networking computers in some form or another.  The interesting thing about this group is that they don’t use spearphishing or remote exploits.

One tool they use is the GET2 Penetrator.  This is a tool that searches, using brute force, for credentials.  These credentials can be hardcoded or remote access. They also use EssentialNet.  EssentialNet is free tool that scans networks for layouts.  As for the RawPOS malware it contains several components.   Duebrew keeps the malware installed on the machine.  FiendCry scrapes memory to steal credit card data.  Driftwood hides the stolen data from analysis tools.

This software works on a multitude of POS systems and is coded to evolve with new systems.  Something unusual about the RawPOS malware is that it is very well commented.  It is coded in an older Russian text.  Authorities believe this is to make the malware seem a legitimate program and for support as well.  Using Windows Credential Editor and the Active Directory, they access legitimate user credentials.  They also sophisticated tools that erase their tracks.

Among those struck by the hacker group are Visa, Goodwill, and an unnamed Casino in Las Vegas.  FireEye is partnering with Visa to create a threat intelligence service.  It will combat this group and others like it.

to see the full article visit: http://www.darkreading.com/analytics/prolific-cybercrime-gang-favors-legit-login-credentials/d/d-id/1322645

-Brian Lustick