DNS Attacks on Symantec, Microsoft, Apple Claimed By Anonymous

The Sri Lankan branch of Anonymous claims to have hacked into the DNS servers of Symantec, Apple, Facebook, Microsoft, and several other large organizations over the past few days.

Posting the news and records of its exploits on Pastebin, the group is taking credit for launching “DNS Cache Snoop Poisoning” attacks against its victims.

DNS cache snooping is the process whereby hackers can query a DNS server to find out which domain names are being resolved into IP addresses.

DNS cache poisoning is a method through which hackers are able to insert malicious and fake records into the cache of DNS servers. As a result, the hackers can then spoof a response to a DNS query, forcing users to go to a phony Web site instead of the real one.

Because DNS (Domain Name System) servers maintain the records that map domain names to IP addresses, attacks against them are especially alarming: they can compromise part of the very foundation of the Internet.
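One defensive angle on the cache snooping described above, as an added example that is not part of the original article: snooping is commonly done with non-recursive queries (RD flag cleared), which a caching resolver answers only from its cache, so a resolver operator can flag clients that send such queries for many distinct names. The addresses, domain names and the `min_names` threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

def build_query(txid, name, rd):
    """Construct a minimal DNS query (sample data for this example)."""
    flags = 0x0100 if rd else 0x0000            # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)    # QTYPE=A, QCLASS=IN

def parse_query(packet):
    """Return (qname, rd_set) for a DNS query, or None if it is not a valid one."""
    if len(packet) < 12:
        return None
    _, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000 or qdcount != 1:          # QR=1 means this is a response
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            return None                         # malformed or compressed label
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos >= len(packet):
        return None                             # name terminator missing
    return ".".join(labels), bool(flags & 0x0100)

def flag_snooping_sources(observations, min_names=3):
    """Map each source IP to the distinct names it probed with RD cleared,
    keeping only sources that probed at least min_names names."""
    probed = defaultdict(set)
    for src, packet in observations:
        parsed = parse_query(packet)
        if parsed and not parsed[1]:            # RD cleared: cache-only lookup
            probed[src].add(parsed[0])
    return {s: sorted(n) for s, n in probed.items() if len(n) >= min_names}

# Constructed sample traffic (documentation address ranges, made-up names).
SAMPLE = [
    ("192.0.2.10", build_query(1, "www.example.com", rd=True)),
    ("192.0.2.10", build_query(2, "mail.example.com", rd=True)),
    ("198.51.100.7", build_query(3, "bank.example", rd=False)),
    ("198.51.100.7", build_query(4, "vpn.example.org", rd=False)),
    ("198.51.100.7", build_query(5, "intranet.example.net", rd=False)),
    ("203.0.113.5", build_query(6, "www.example.com", rd=False)),
    ("203.0.113.5", b"\x00\x01"),               # truncated packet, ignored
]

if __name__ == "__main__":
    print(flag_snooping_sources(SAMPLE))
```

Ordinary stub resolvers set RD, so a client that repeatedly clears it across unrelated names stands out; refusing non-recursive queries from untrusted networks removes the signal the technique depends on.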

The information posted on Pastebin by Anonymous Sri Lanka shows that the group was able to scan and in some cases expose the DNS information of the companies it targeted, according to Cyber War News. But there’s no indication that the hackers were able to modify any of the DNS records that they touched.

In the record of its DNS attack against Symantec, Anonymous Sri Lanka boasts that it breached the “world’s second-largest software (antivirus) leader/giant” and says that it captured almost the entire DNS pool, including the company’s corporate customers, production servers, and testbeds. The group touted the same DNS Cache Snoop Poisoning attacks against Facebook, Skype, Apple, Cisco, Microsoft, and Novell.

Beyond its attacks against several major tech companies, Anonymous Sri Lanka has also claimed DNS hacks against several groups and agencies in Sri Lanka, including the nation’s Parliament, military, and largest telecom provider.

The group tried to justify its actions in some of its comments.

Lashing out at Facebook, Anonymous Sri Lanka said that the way the social network controls and treats its members is not acceptable under any circumstances. Explaining its attack against Skype, the group claimed that the online video service is “eavesdropping the entire VoIP traffic at several nodes for sure.”

The attacks appear to have started on August 22 against the Sri Lankan telecom provider and continued on into yesterday with the attack against Skype.

Read the rest of the story at CNET


McAfee Uncovers Long-Term Cyber-Espionage Campaign Against The US

Cyber-warfare sounds like something from a science fiction novel. It’s not. It’s reality. Cyber-security firm McAfee claims to have uncovered a cyber-espionage campaign that’s been going on for five years against more than 70 public and private organizations in 14 countries.

The campaign, called “Operation Shady RAT” (remote access tool), was described by Dmitri Alperovitch, McAfee’s VP of threat research, in a recent blog post: Revealed: Operation Shady RAT. According to Alperovitch, these attacks are major assaults against both countries and corporations.

He writes, “Having investigated intrusions such as Operation Aurora (China’s attack on Google) and Night Dragon (systemic long-term compromise of Western oil and gas industry), as well as numerous others that have not been disclosed publicly, I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.”

Alperovitch also declares that these government-sponsored attacks are on an entirely different scale than the kiddie attacks made by such groups as Anonymous and Lulzsec. The McAfee executive wrote, “The targeted compromises–known as ‘Advanced Persistent Threats (APTs)’ … we are focused on are much more insidious and occur largely without public disclosures. They present a far greater threat to companies and governments, as the adversary is tenaciously persistent in achieving their objectives. The key to these intrusions is that the adversary is motivated by a massive hunger for secrets and intellectual property; this is different from the immediate financial gratification that drives much of cybercrime, another serious but more manageable threat.”

Read the rest of the story at ZDNet


Alleged Hacker Ryan Cleary Out On Bail

Ryan Cleary, the alleged hacker who was arrested last week and subsequently charged in the U.K. with five counts of hacking, has been released from jail.

Judge Nicholas Loraine-Smith granted Cleary bail today but imposed some limitations on the 19-year-old. According to the U.K.’s Mirror, Cleary has a 9 a.m. to 7 p.m. local time curfew. He has also been electronically tagged and will not be allowed to leave his home without the company of at least one of his parents. Cleary is also not allowed to access the Internet or have any products allowing him to go online.

Cleary was arrested last week in the U.K. following an investigation into a series of distributed denial-of-service (DDoS) attacks. Reports initially claimed that Cleary was a member of LulzSec, a hacking group that apparently disbanded over the weekend after spending 50 days attacking PBS, Sony, and the CIA, among others. However, LulzSec last week denied Cleary’s alleged involvement with its group, saying that he only hosted “one of our many legitimate chat rooms on the IRC server.”

British authorities have stopped short of linking Cleary to LulzSec, but they did charge the teenager with launching DDoS attacks against the Serious Organized Crime Agency, the International Federation of the Phonographic Industry, and the British Phonographic Industry.

Read the rest of the story at CNET


Husband Arrested After Wife Poses As A Teen On Facebook

According to a news report from CNET.com, a wife posed as a teenager on Facebook to find out what her husband was up to.

Angela Voelkert created an attention-grabbing Facebook profile of a teenage girl called Jessica Studebaker. She then enticed her husband into a conversation that led him to reveal his plans to leave his wife and children.

According to court papers, David Voelkert allegedly admitted to Jessica that he had removed his GPS tracker from his van and installed it in his wife’s van. He then allegedly made suggestions that he would find someone to “take care of” his ex-wife.

Oddly, the FBI allegations in these court papers suggest that David Voelkert then believed he could leave for another state and that Studebaker, whom he’d never met (given that she didn’t exist), would come with him.

David Voelkert owns a South Bend, Ind., business called Secured Alarms, some of whose customers are allegedly police departments.


Hackers Accessed Citigroup Customer Data

Citigroup said today that hackers breached the bank’s network and may have gained access to the personal data of hundreds of thousands of bank card customers.

Customer names, account numbers, and contact information, including e-mail addresses, were accessed during the breach, which was discovered in May during routine monitoring. However, no Social Security numbers, birth dates or security codes were accessed, Citi said.

Citi said the breach affected about 1 percent of its 21 million customers.

“We are contacting customers whose information was impacted,” Citi spokesperson Sean Kevelighan said in a statement. “Citi has implemented enhanced procedures to prevent a recurrence of this type of event. For the security of these customers, we are not disclosing further details.”

The breach, which was first reported by the Financial Times, adds Citi’s name to a growing list of companies that have suffered an intrusion in recent months.

Read More @ CNET.
