Largest Hack of 2016 (so far)

In the past few weeks, FriendFinder Networks has suffered a series of major data breaches that together exposed more than 412 million user accounts.

FriendFinder Networks owns AdultFriendFinder, Cams.com, Penthouse, Stripshow and iCams.com, all of which were affected, but AdultFriendFinder was hit hardest, with more than 300 million accounts leaked.

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Diana Ballou, FriendFinder vice president and senior counsel, told ZDNet which is a sister site of cnet.com. “While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

According to LeakedSource, the breach was carried out through a local file inclusion (LFI) exploit; LeakedSource also said it would not make the exposed data publicly searchable. LeakedSource further reported several poor security practices at FriendFinder: passwords were stored either in plaintext or as SHA-1 hashes, a fast hash that commodity hardware can brute-force at billions of guesses per second, so most of them are trivially recoverable. The company also retained account records for users who had deleted their accounts and for sites it no longer ran, such as Penthouse.com, which is now owned by Penthouse Global Media.
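To show what a local file inclusion bug looks like and how it is closed, here is an added example; it is not FriendFinder's code, and the page does not say which language or parameter the real flaw involved, so this is a generic Python analogue of a template-include handler. The directory tree, file names and the `../config.inc` payload are constructed for the demonstration.

```python
import os
import tempfile


def include_vulnerable(base_dir: str, name: str) -> str:
    """Vulnerable pattern: user input is joined to a base directory and read as-is.
    "../" segments (or an absolute path) walk out of base_dir, so a request for a
    template can return source code or configuration from anywhere on disk."""
    path = os.path.join(base_dir, name)
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def include_safe(base_dir: str, name: str) -> str:
    """Hardened: resolve symlinks and '..' with realpath, then require the result to
    stay inside base_dir. Rejects traversal, absolute paths and symlink escapes."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    try:
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # paths on different drives (Windows) share no prefix
        inside = False
    if not inside:
        raise PermissionError(f"refusing to include {name!r}: resolves outside {base}")
    with open(target, encoding="utf-8") as fh:
        return fh.read()


def demo() -> dict:
    """Build a throwaway tree resembling a web root (constructed data) with a config
    file one level above the template directory, then try a traversal payload
    against both include functions and report what each did."""
    root = tempfile.mkdtemp(prefix="lfi-demo-")
    templates = os.path.join(root, "templates")
    os.makedirs(templates)
    with open(os.path.join(templates, "home.tpl"), "w", encoding="utf-8") as fh:
        fh.write("<h1>Welcome</h1>")
    with open(os.path.join(root, "config.inc"), "w", encoding="utf-8") as fh:
        fh.write("DB_PASSWORD = 'constructed-secret'")

    payload = "../config.inc"  # classic traversal payload
    result = {"legit": include_safe(templates, "home.tpl")}
    result["leaked"] = include_vulnerable(templates, payload)
    try:
        include_safe(templates, payload)
        result["blocked"] = False
    except PermissionError:
        result["blocked"] = True
    try:
        include_safe(templates, "/etc/hostname")  # absolute path: join() discards base
        result["abs_blocked"] = False
    except PermissionError:
        result["abs_blocked"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The containment check must run on the resolved path, not on the raw string: filtering `..` from the input misses encodings and symlinks, whereas `realpath` plus a prefix comparison rejects anything that ends up outside the allowed directory however it got there.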

This is the second time AdultFriendFinder has been breached in two years; the previous incident, in May 2015, leaked around 3.5 million accounts, according to LeakedSource.
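To make the password-storage point above concrete, here is an added example (not code from FriendFinder or LeakedSource) contrasting unsalted SHA-1 with a salted, iterated PBKDF2 record. The wordlist and the sample accounts are constructed for the demonstration, and the 600,000-iteration default is an assumption in line with current PBKDF2-HMAC-SHA256 guidance, not a figure the page reports.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed wordlist: the sort of entries any public password dictionary contains.
WORDLIST = ["123456", "password", "qwerty", "letmein", "hunter2", "iloveyou"]


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password: the weak scheme the article describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_sha1(stored_hashes: Iterable[str], wordlist: Iterable[str] = WORDLIST) -> Dict[str, str]:
    """Dictionary attack against unsalted SHA-1 hashes.

    With no salt, one hash per candidate word tests that word against every
    account in the dump at once, so the cost of recovery does not grow with the
    number of users. Returns {hash: recovered_password} for every hit.
    """
    table = {sha1_hex(word): word for word in wordlist}
    return {h: table[h] for h in stored_hashes if h in table}


def pbkdf2_record(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, iterated hash. A random 16-byte salt per user defeats shared tables,
    and the iteration count makes each guess deliberately slow (assumed 600k)."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_pbkdf2(password: str, record: str) -> bool:
    """Recompute the derived key from the stored parameters and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Two constructed accounts: one dictionary password, one strong passphrase.
    dump = [sha1_hex("password"), sha1_hex("correct horse battery staple")]
    print("recovered from SHA-1 dump:", crack_sha1(dump))
    rec = pbkdf2_record("password")
    print("PBKDF2 record:", rec)
    print("verify correct:", verify_pbkdf2("password", rec),
          "wrong:", verify_pbkdf2("passw0rd", rec))
```

The strong passphrase survives only because it is not in the wordlist; against a dump this size an attacker would run a GPU cracker with a far larger dictionary and rule set, which is why the defence has to be a salted, slow hash rather than a better secret.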

-Robert Arnold

Sources:

https://www.cnet.com/au/news/hack-reportedly-exposes-412m-friendfinder-networks-accounts-adult-dating-swinger/

FriendFinder Networks hack reportedly exposed over 412 million accounts

Tesco bank hacked, hackers attempt money transfer from around 20,000 compromised accounts


Tesco Bank recently announced that it saw "suspicious transactions" on around 40,000 accounts over the weekend, and in response it froze online transactions while it investigated. At the time of writing it is not known how much money (if any) was taken from the 20,000 of those 40,000 accounts on which withdrawals were attempted.

This has been described as an unusual attack: usually when a bank is compromised only the larger accounts are targeted, and the attackers leave smaller accounts alone to reduce their chance of being caught. That also means a breached bank normally does not have to shut down its online service to investigate, whereas here the activity was so widespread that the bank had to briefly suspend it.

It is suspected that the intruders got in either through a bug introduced by a website update or through a third party connected to Tesco, since the attack clearly targeted the website rather than the core banking systems that do most of the heavy lifting.

-jes5746

Source: http://www.bbc.com/news/business-37891742

Someone May Be Planning To Take Down The Internet

According to a recent essay by Bruce Schneier, someone may be learning how to take down the internet. China and Russia are his first guesses, but it is not known who is launching the attacks, and if the US government knows, it has stayed quiet. Schneier describes the attacks well:

These attacks are significantly larger than the ones they’re used to seeing. They last longer. They’re more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.


The attacks are also configured in such a way as to see what the company’s total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they’ve got to defend themselves. They can’t hold anything back. They’re forced to demonstrate their defense capabilities for the attacker.

According to the quarterly DDoS trends report from VeriSign (the registry operator for the .com and .net domains), the most common vector it observed was “UDP floods (including Domain Name System (DNS), Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and Chargen)”, all of which are services that can be abused for reflection and amplification. The next most common vectors were TCP layer attacks, IP fragment attacks, and application layer attacks.
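As an added example (not from Schneier, VeriSign or Akamai), here is a small classifier that sorts flow records towards a victim into the vector families named above and reports which of them are active at once, which is the multi-vector pattern the quoted passage describes. The flow records are constructed, with field names loosely modelled on NetFlow/IPFIX exports, and the 1 MB per-vector threshold and the rule that a bare-SYN flow indicates a SYN flood are assumptions for the demonstration.

```python
from collections import defaultdict
from typing import Dict, List

# UDP source ports of the reflection/amplification services named in the report.
AMPLIFIERS = {
    53: "DNS amplification",
    123: "NTP amplification",
    1900: "SSDP amplification",
    19: "Chargen amplification",
}

# Constructed flow records, all towards one victim address (TEST-NET ranges).
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    {"src": "198.51.100.1", "sport": 53,    "dst": VICTIM, "dport": 41234, "proto": "UDP", "bytes": 60_000_000, "flags": "",   "frag": False},
    {"src": "198.51.100.2", "sport": 123,   "dst": VICTIM, "dport": 51234, "proto": "UDP", "bytes": 7_000_000,  "flags": "",   "frag": False},
    {"src": "198.51.100.3", "sport": 1900,  "dst": VICTIM, "dport": 33333, "proto": "UDP", "bytes": 3_000_000,  "flags": "",   "frag": False},
    {"src": "198.51.100.7", "sport": 19,    "dst": VICTIM, "dport": 1234,  "proto": "UDP", "bytes": 50_000,     "flags": "",   "frag": False},
    {"src": "192.0.2.5",    "sport": 44444, "dst": VICTIM, "dport": 80,    "proto": "TCP", "bytes": 20_000_000, "flags": "S",  "frag": False},
    {"src": "192.0.2.9",    "sport": 12345, "dst": VICTIM, "dport": 443,   "proto": "TCP", "bytes": 6_000,      "flags": "SA", "frag": False},
    {"src": "192.0.2.21",   "sport": 0,     "dst": VICTIM, "dport": 0,     "proto": "UDP", "bytes": 2_000_000,  "flags": "",   "frag": True},
]


def classify(flow: dict) -> str:
    """Map one flow record to one of the vector families listed in the report."""
    if flow["frag"]:
        return "IP fragment"
    if flow["proto"] == "UDP":
        # Replies from a well-known amplifier port are the signature of reflection.
        return AMPLIFIERS.get(flow["sport"], "UDP flood (other)")
    if flow["proto"] == "TCP":
        # Assumption: a flow carrying only SYNs is a SYN flood; anything with ACK
        # set completed a handshake and is treated here as ordinary traffic.
        return "TCP SYN flood" if flow["flags"] == "S" else "TCP (normal)"
    return "other"


def bytes_per_vector(flows: List[dict], victim: str = VICTIM) -> Dict[str, int]:
    """Total bytes towards the victim, grouped by classified vector."""
    totals: Dict[str, int] = defaultdict(int)
    for flow in flows:
        if flow["dst"] == victim:
            totals[classify(flow)] += flow["bytes"]
    return dict(totals)


def active_vectors(flows: List[dict], threshold_bytes: int = 1_000_000, victim: str = VICTIM) -> List[str]:
    """Attack vectors whose volume towards the victim reaches the threshold, largest first."""
    totals = bytes_per_vector(flows, victim)
    hot = [(v, b) for v, b in totals.items() if b >= threshold_bytes and v != "TCP (normal)"]
    return [v for v, _ in sorted(hot, key=lambda item: -item[1])]


def is_multi_vector(flows: List[dict], min_vectors: int = 3, **kwargs) -> bool:
    """True when at least min_vectors distinct vectors are active simultaneously,
    which forces the defender to deploy every mitigation it has."""
    return len(active_vectors(flows, **kwargs)) >= min_vectors


if __name__ == "__main__":
    for vector, total in sorted(bytes_per_vector(SAMPLE_FLOWS).items(), key=lambda kv: -kv[1]):
        print(f"{vector:24s} {total:>12,d} bytes")
    print("active:", active_vectors(SAMPLE_FLOWS))
    print("multi-vector attack:", is_multi_vector(SAMPLE_FLOWS))
```

On the constructed sample the DNS, SYN, NTP, SSDP and fragment vectors all clear the threshold while the Chargen traffic stays below it, so the classifier reports a five-vector attack. In production the same logic would run per time window, and the amplification buckets would also be checked for a large number of distinct reflector sources rather than a single one.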

Schneier says he doesn’t see a motive in the attacks. However, he says “it feels like a nation’s military cybercommand trying to calibrate its weaponry in the case of cyberwar.”

Martin McKeay, security advocate at Akamai, says a complete internet takedown is impossible because, “it’s a whole bunch of networks, and you’re not going to take it down unless you take down all the circuits. You can take down a company, an organization, or part of a government — but you can’t really take down the Internet as a whole.” He points out that the transoceanic cables are fed by terabit switches, which can handle far more data than the 500 Gbps record for the largest attack to date. Tim Mathews, vice president of the Incapsula product line at Imperva, concurs, saying that the attacks “are an order of magnitude smaller than the bandwidth capacity the largest transit providers and ISPs manage.”

If the attacks did manage to take down a registry operator such as VeriSign, the result would be a mass blackout affecting many sites and email services. VeriSign manages 143.2 million domain names, including domains for banks, the stock market, and insurance companies. The attacks could also target emergency services, such as 911 and hospitals.

In the end Schneier admits that we can’t really do anything about it, “but this is happening. And people should know.”

Author: Christian Martin

Sources:
https://www.lawfareblog.com/someone-learning-how-take-down-internet
https://www.verisign.com/assets/report-ddos-trends-Q22016.pdf
http://www.technewsworld.com/story/83894.html
https://www.verisign.com/en_US/company-information/index.xhtml

Covert Communications: Using Gaming Networks to Plot Terror

With all of the monitoring programmes that have moved from rumour to documented fact in recent years, it can be perplexing that terrorist organisations are still able to remotely plan and, as we have seen in recent days, execute attacks on high-profile targets. However, officials in Belgium have pointed to one way attacks such as Paris could have been planned: over gaming networks such as Sony’s PlayStation Network, used on the PlayStation 4.

This is only the most recent case of commercial networks and applications being used to plan terrorist activity. Before the PlayStation Network, terrorist organisations were seen using the mobile application WhatsApp, which sends messages between people over the internet and has proved difficult to monitor because of its high traffic volume and the way it delivers messages.

The PlayStation Network, however, has proved even harder than WhatsApp when it comes to intercepting terrorist communications, because authorities have no ability to intercept its peer-to-peer, IP-based voice chat. A terrorist meeting could therefore take place in something as ordinary as an online game without the authorities ever knowing.

That is not for lack of trying to gain lawful access to VoIP communications: in 2010 the FBI pushed to have all lanes of communication made monitorable, but the FCC declined to give it access to the network at the time.

The main issue, however, goes beyond the legal question. While potential terror affiliates can be profiled from their internet usage, it is very hard to do so from their console usage (unless a known affiliate is already tied to a particular account). Combined with the PlayStation Network’s more than 110 million users (for scale, that would make it the 11th most populous country in the world), this makes it a very hard field to narrow down.

And that is only voice communication. There are also ways to communicate non-verbally over a gaming network, from in-game destructible objects to placing items so that they form words or symbols with an agreed meaning, none of which would be traceable afterwards, since the game world resets when it is reloaded.

With this in mind, communication over gaming networks may be the next big step in clandestine communication between people or groups who do not want anyone listening in, since there are currently no real means of tracing what happens there. Governments and other groups could find that the traditional methods of communication they know how to trace are no longer being used, increasing the likelihood of an unexpected attack on a high-profile target.

-Will G. Eatherly

Sources:

Daily Mail article on topic: http://tinyurl.com/pxxekka

List of Countries according to population: http://tinyurl.com/qb8f8mv

Forbes article on topic: http://tinyurl.com/omftmlk


Windows 10 Scans for Counterfeit Software


The Pirate Bay, an online index of digital content, has been up since 2003, with irregular downtime and many legal allegations against it. But after such a long run it may be facing something that could finally bring about its demise. Some Windows 10 users have reported encountering measures in the OS that block access to torrenting services: being denied access to torrent and file-sharing sites, Windows scanning the system’s hard drive for counterfeit software, the contents of hard drives being sent to local servers, and torrent files simply disappearing. Measures like these would make sense on Microsoft’s newest OS, mainly because Windows 8 was one of the most torrented operating systems in the world. In response to these reports, many private torrent tracker groups are banning the use of Windows 10 among their members. Much of the hype about Windows scanning hard drives for counterfeit software comes from the services agreement, which says:

“We may automatically check your version of the software and download software updates or configuration changes, including those that prevent you from accessing the Services, playing counterfeit games, or using unauthorized hardware peripheral devices.”

This could apply to any copy of bootlegged software, but it most likely covers Xbox services that look for counterfeit games. At this point there is no hard evidence that Microsoft is taking up arms against illegal software through its new OS.


Links:

http://gizmodo.com/hardcore-pirates-are-reportedly-banning-windows-10-1726044389

http://www.realtytoday.com/articles/51986/20151114/the-pirate-bay-tpb-cant-get-through-microsoft-windows-10.htm


-Tory Leo