Largest Hack of 2016 (so far)

In the past few weeks, FriendFinder Networks has had a number of major data breaches that resulted in over 412 million user accounts exposed.

FriendFinder Networks owns AdultFriendFinder, Cams.com, Penthouse, Stripshow and iCams.com, all of which suffered breaches, but AdultFriendFinder suffered the worst with over 300 million accounts leaked.

“Over the past several weeks, FriendFinder has received a number of reports regarding potential security vulnerabilities from a variety of sources,” Diana Ballou, FriendFinder vice president and senior counsel, told ZDNet, which is a sister site of cnet.com. “While a number of these claims proved to be false extortion attempts, we did identify and fix a vulnerability that was related to the ability to access source code through an injection vulnerability.”

The breach was the result of a local file inclusion exploit, according to LeakedSource, who also said the exposed information was not going to be made publicly available. Also according to LeakedSource, FriendFinder used a number of bad security practices, such as storing passwords in plaintext or hashing them with SHA1, a fast general-purpose hash that is notoriously easy to crack when used for passwords. They also still had account information for deleted user accounts and for sites they no longer ran, such as Penthouse.com, which is now owned by Penthouse Global Media.
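To show why plaintext or plain SHA1 password storage is such a bad practice, here is an added example (not code from the original post or from FriendFinder) using constructed sample users. It counts the hashing work a wordlist check needs against an unsalted SHA-1 store versus a per-user-salted, iterated PBKDF2 store; the user names, passwords and wordlist are made up.

```python
import hashlib
import hmac
import os

# Constructed sample data: three users, two of whom chose the same password.
# These are made-up values, not anything from the breach discussed above.
USERS = {"alice": "summer2016", "bob": "summer2016", "carol": "c0rrect-h0rse"}
WORDLIST = ["password", "123456", "summer2016", "qwerty"]


def sha1_unsalted(password):
    """Legacy scheme: a single fast, unsalted SHA-1 per password."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted(hashes, wordlist):
    """One precomputed table (one SHA-1 per wordlist entry) recovers every
    user whose password is in the list, however many users there are.
    Returns (recovered users, number of hash computations)."""
    table = {sha1_unsalted(w): w for w in wordlist}
    recovered = {user: table[h] for user, h in hashes.items() if h in table}
    return recovered, len(wordlist)


def pbkdf2_record(password, iterations=100_000, salt=None):
    """Hardened scheme: per-user random salt plus an iterated KDF, stored as
    algorithm$iterations$salt$derived-key so verification is self-describing."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password, record):
    """Recompute the derived key from the stored salt and compare in constant time."""
    _, iterations, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_salted(records, wordlist):
    """With unique salts there is no shared table: every (user, word) pair
    costs a full KDF run, so work scales with users x wordlist x iterations.
    Returns (recovered users, number of KDF computations)."""
    recovered, work = {}, 0
    for user, record in records.items():
        for w in wordlist:
            work += 1
            if pbkdf2_verify(w, record):
                recovered[user] = w
                break
    return recovered, work
```

Note that alice and bob produce identical SHA-1 values (so one guess unlocks both and reveals the shared password from the hash alone), whereas their PBKDF2 records differ because of the salts.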

This is the second time the AdultFriendFinder site has been hacked in two years, with the previous breach leaking 3.5 million accounts in May of 2015, according to LeakedSource.

-Robert Arnold

Sources:

https://www.cnet.com/au/news/hack-reportedly-exposes-412m-friendfinder-networks-accounts-adult-dating-swinger/

FriendFinder Networks hack reportedly exposed over 412 million accounts

Attack takes out internet in Liberia

Next on the list of major internet attacks is the taking down of internet access for a nation-state (kudos to Kevin Beaumont for noticing). While Liberia doesn’t have a particularly large population of internet users compared to high-profile targets such as the US (Liberia has ~180k internet users; Rochester (city only, not the greater area) has a population of ~210k people), the attack is worrying nonetheless.

It appears that the attack was done by the Mirai botnet (the Mirai source code was released recently; the botnet is largely composed of Internet of Things devices), and reached ~500Gbps. While the attacks lasted only a short time, the number is frightening nonetheless. The attack targeted internet infrastructure, namely the undersea cable that Liberia shares with West Africa. Unlike countries such as the US, Liberia has only one cable, making it vulnerable to this attack, whereas in places such as the US traffic would automatically be rerouted.

What’s frightening about this attack is that it appears to have been done by someone with real capability. The attack appears to be the operator testing their abilities. Should this person decide to fully employ them, the result could be a sizable outage, even in the US.

On a lighter note, the operator noticed the monitoring of malwaretech.com and Kevin Beaumont, and sent messages via the Twitter bot that monitors the Mirai botnet:

[image: screenshot of the messages sent via the Twitter bot]
Author: Christian Martin

Sources:
http://www.bbc.com/news/technology-37859678
http://qz.com/827049/mirai-botnet-attackers-launching-a-test-cyberattack-knocked-out-an-entire-countrys-internet/
https://medium.com/@networksecurity/shadows-kill-mirai-ddos-botnet-testing-large-scale-attacks-sending-threatening-messages-about-6a61553d1c7#.jf40i5xj4
http://www.independent.co.uk/life-style/gadgets-and-tech/news/liberia-internet-offline-broken-not-working-down-web-country-cyber-attack-hack-a7397376.html
https://twitter.com/MiraiAttacks

Tesco bank hacked, hackers attempt money transfer from around 20,000 compromised accounts


Tesco Bank has recently announced that it has seen “suspicious transactions” from around 40,000 accounts over the weekend, and this has led them to shut down their site while they look into it. At the time of writing it is not known how much (if any) money was taken from the 20,000 of the aforementioned 40,000 accounts where withdrawals were attempted.

This has been called a much more recent and unusual kind of attack, since most of the time when a bank is hacked only the larger accounts are compromised and the attackers don’t bother with smaller accounts, in order to reduce the chance of getting caught. This also means that a hacked bank usually doesn’t have to shut down its site to investigate, though in this instance the attack was so widespread that the bank itself had to briefly shut down.

It is suspected that the intruders found their way in via either a bug that was introduced with a website update or through some third party connected to Tesco, as the attack was clearly made against the website and not the core computer systems that do most of the heavy lifting for the bank.

-jes5746

Source: http://www.bbc.com/news/business-37891742

Election Day Hack Not Possible?


A threat that is more apparent than ever is the threat of manipulating the upcoming election. However, experts are saying that this threat is actually very small. The US voting system is fragmented and decentralized (state by state, district by district), which acts as a safeguard. Also, the electronic voting machines are not connected to the internet.

However, state voter databases are managed by private companies, and an unreported number of these private companies have fallen victim to cyber attacks. These attacks all happened before the voting, so the only outcome would be the loss of personal information.

While the results of the election seem to be in good hands, the means of distributing this information is also a target. It was mentioned that a targeted attack on media sites could cause major chaos.

There is talk that denial of service attacks could shut down these media websites for long periods of time, preventing people from actually hearing about the results of the election. I do not think this is a problem that we need to worry about. The election is such a huge deal and the internet is so big – the word will spread regardless.

Link:

http://www.foxnews.com/politics/2016/11/04/cybersecurity-threat-to-election-day-is-slim-experts-say.html

– Donald Morton

Shadow Brokers reveals list of Servers Hacked by the NSA

In my previous post I mentioned the Shadow Brokers. The Shadow Brokers are a group of hackers that initially claimed to have stolen NSA surveillance tools. Well, today, October 31, 2016, the Shadow Brokers published a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations. Experts believe the list contains 306 domain names and 352 IP addresses belonging to at least 49 countries. As many as 32 domains of the total were run by educational institutions in China and Taiwan. The top 10 targeted countries include: China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and last but certainly not least Russia. The article also talks about other undisclosed tools that the Equation Group used. To end this post I wanted to share a comment the Shadow Brokers made.

“TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped the election from coming? Maybe hacking election is being the best idea? #hackelection2016.”

Link:

http://thehackernews.com/2016/10/nsa-shadow-brokers-hacking.html

– Andrew Villella