From: rakesh@sysman.in
To: rakesh@sysman.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 February 08
Date: Mon, 8 Feb 2010 20:10:29 +0530
February 08 , 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
SHUT-DOWN : China Shut Down Biggest Hacker Training Site
POTENT : SQL Injections Led to 60% of UK Data Breaches
HACKED : Tata Consultancy Services Site Hacked
DANGER : Terrorists 'gaining upper hand in cyber war'
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
--
You received this message because you are subscribed to the Google Groups "control-computer-crimes" group.
To post to this group, send email to control-computer-crimes@googlegroups.com.
To unsubscribe from this group, send email to control-computer-crimes+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/control-computer-crimes?hl=en.
--Forwarded Message Attachment--
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
February 08, 2010
Today�s edition ��
SHUT-DOWN : China Shut Down Biggest Hacker Training Site
POTENT : SQL Injections Led to 60% of UK Data Breaches
HACKED : Tata Consultancy Services Site Hacked
DANGER : Terrorists 'gaining upper hand in cyber war'
(Click on heading above to jump to related item. Click on �Top� to be back here)
SHUT-DOWN : China Shut Down Biggest Hacker Training Site
By Wu Yiyao
China Daily
2010-02-08
http://www.chinadaily.com.cn/china/2010-02/08/content_9440667.htm
What is believed to be the country's biggest hacker training site has been shut down by police in Central China's Hubei province.
Three people were also arrested, local media reported yesterday.
The three, who ran Black Hawk Safety Net, are suspected of offering others online attacking programs and software, a crime recently added to the Criminal Law. A total of 1.7 million yuan ($249,000) in assets were also frozen.
According to the provincial public security department of Hubei, the closure of the website had its roots in a previous Web attack and virus dissemination case in the city of Macheng in 2007, when police found some of the suspects caught were members of Black Hawk Safety Net.
Hubei province named Black Hawk Safety Net as the largest hacker training site in China, which openly recruited members and disseminated hacker techniques through lessons, trojan software and online forum communications.
Since it was established in 2005, the site had recruited more than 12,000 VIP members and collected more than 7 million yuan in membership fees. More than 170,000 people registered for free membership.
Police said more than 50 officers had been investigating the case.
They seized nine Web servers, five computers and one car, and shut down all the sites involved in the case, according to the provincial public security department.
"I could download trojan programs from the site which allowed me to control other people's computers. I did this just for fun but I also know that many other members could make a fortune by attacking other people's accounts," said a 23-year-old member of Black Hawk Safety Net in Nanjing of East China's Jiangsu province, who asked to remain anonymous.
"It is not very difficult to do simple hacker tasks. Some hacker members are teenagers who dropped out of school and make money by stealing accounts," he said.
A 20-year-old college student who registered with three different hacker training sites said a hacker training course costs from 100 to 2,000 yuan.
"Basically students were told how to steal accounts and use trojan programs. Sometimes trainers show us how to write programs," he said.
"But now it's very difficult to become a registered member. Some well-known hacker training sites have not been accessible since November," he said.
According to a report released by the National Computer Network Emergency Response Coordination Center of China, the hacker industry in China caused losses of 7.6 billion yuan in 2009.
POTENT : SQL Injections Led to 60% of UK Data Breaches
Hackers Feast on SQL Injection Exploits
By Larry Barrett
February 5, 2010
http://www.esecurityplanet.com/news/article.phpr/3863386/Hackers-Feast-on-SQL-Injection-Exploits.htm
Hackers used SQL injection tactics to access corporate networks in 60 percent of significant data breach incidents reviewed by 7Safe, a leading computer security and forensics consulting firm in London.
SQL injection attacks, which target vulnerable code in the database layer, have long been a nightmare for IT administrators because they're extremely difficult to defend against in a live production environment and often require multiple patches to the installed database software.
E-commerce sites and online banking customers in December learned just how painful these new and increasingly complex SQL injection attacks can be. A new variant contaminated more than 125,000 Web sites with a Trojan known to harvest credit card and other banking information.
7Safe and the University of Bedfordshire teamed up to review the security breaches and write the comprehensive data breach report. The authors analyzed anonymized data from more than 60 significant computer forensic investigations, looking for similarities, differences and the methodology used by the perpetrators.
"Compared with many existing studies that are based purely on survey data, this report reveals what is really happening in the UK," 7Safe CEO Alan Phillips said in the report. "To my knowledge, this report is the first of its kind in the UK, and many businesses will find the results very interesting."
The review found that 36 percent of the cyber attacks on UK-based organizations originated in Vietnam, with the U.S. trailing at 29 percent.
Sixty-nine percent of the data breaches occurred in the retail sector and payment card information was stolen in 85 percent of all the cases.
The 7Safe study jives with surveys conducted by other security-monitoring organizations and security software vendors.
According to the Anti-Phishing Working Group (APWG), hackers were executing phishing scams and hijacking Web sites at a record pace throughout 2009, with no signs of slowing in the new year.
APWG researchers working at Panda Labs' research lab counted more than 152,000 different strains of bogus anti-malware apps in June, up from slightly more than 22,000 such applications in January 2009. It also found that more than 11.9 million computers were infected in the first half of 2009, up a staggering 66 percent from the same period in 2008.
7Safe officials said that more than 80 percent of all data breaches came from outside the company and defined 73 percent of these attacks as "unsophisticated."
However, while analysts say the most sophisticated attacks are fairly rare, they result in the greatest losses. Hacks requiring the most advanced skills accounted for 95 percent of all compromised records, according to the report.
Not surprisingly, 86 percent of the attacks were consummated through Web applications, a trend that vendors like Microsoft and Adobe are desperately trying to reverse.
HACKED : Tata Consultancy Services Site Hacked
Leena Rao
TechCrunch.com
February 7, 2010
http://www.washingtonpost.com/wp-dyn/content/article/2010/02/07/AR2010020701337.html
The website Tata Consultancy Services, India's largest software vendor, has been hacked. The hacker has posted a "For Sale" message on the site, which is written in both French and English. Ironically, the company produces security systems software.
The hack is believed to be a DNS hijack, which is similar to the breach that Twitter succumbed to last year. TechCrunch was also recently hacked earlier this year.
UPDATE: While some of our commenters have pointed out that they can visit the site, the TechCrunch team still sees the TCS page as hacked.
DANGER : Terrorists 'gaining upper hand in cyber war'
The West's military infrastructure is at growing risk from sophisticated hackers
By Kim Sengupta,
The Independent
06 February 2010
Western governments are facing a potent and ill-understood new threat from terrorists and hostile powers in the shape of cyber warfare, military and security experts have warned.
Network attacks, a British government report says, are "growing in seriousness and frequency". And in a timely reminder of the emphasis that states and corporations alike are placing on the problem, Google and the National Security Agency were yesterday said to be finalising the details of a co-operative deal aimed at boosting the search engine's defences after it was hit by sophisticated hacking attacks.
The company has stated that it will pull out of its business operations in China where the targeted attacks on the accounts of human rights activists are supposed to have originated. But the risk is not confined to individuals. US and British officials say what is at stake goes far beyond attempted state censorship, with military infrastructure and financial markets becoming vulnerable.
To overcome that risk, the Green Paper just published by the British Government has stated that part of the forthcoming Strategic Defence Review will focus on the risks posed by technology in enemy hands. At the moment, it is believed that insurgents with the right electronic capability could jam weapons systems and intercept classified communications during military missions.
"Cyber space, in particular, poses serious and complex challenges for UK security and for the armed forces' operations... Cyber attacks are already an important element of the security environment and are growing in seriousness and frequency," says the report.
"The most sophisticated threat is from established and capable states but cyber eliminates the importance of distance, is low cost and anonymous in nature, making it an important domain not just for hostile states, but terrorists and criminals." The result of losing a "technological edge", said the Paper, would mean "operations would be more hazardous. Our casualty rates, in particular, could be expected to increase markedly."
The boon of the internet for those opposed to Western governments is not limited to opportunities for direct assaults. Internet chat rooms have now become regular meeting grounds for Islamist terrorism, with activities ranging from recruitment to planning attacks. At least part of the indoctrination of the "underpants bomber" Umar Farouk Abdulmutallab, who attempted to blow up transatlantic airliners, is believed to have taken place in cyberspace.
The US administration is expected to use the Google security breach to step up counter-measures in the cyber field. Dennis C Blair, the director of national intelligence, told Congress in his annual review that the threat of a crippling attack on telecommunications and other computer networks was growing with an increasingly sophisticated group of enemies "severely threatening the somewhat fragile system behind the country's information infrastructure".
The UK is working with key Nato allies to formulate defences in the cyber war. However, John Chipman, the director-general of the International Institute of Strategic Studies, said: "Despite evidence of cyber attacks in recent political conflicts, there is little appreciation internationally of how to assess cyber conflict. We are now, in relation to cyber warfare, at the same stage of intellectual development as we were in the 1950s in relation to possible nuclear war."
"Cyber warfare may be used to disable a country's infrastructure, meddle with the integrity of another country's internal military data, try to confuse its financial transactions or to accomplish any number of other crippling aims," he said. However, governments have only limited ability to ascertain even basic facts such as when they were under attack and by whom.
The Indian government recently claimed that hackers based in China had tried to infiltrate computers in the office of its prime minister in New Delhi. And Estonia was subjected to a cyber attack in 2007 when government computers were jammed, causing millions of pounds of financial losses, during a period of tension with Moscow.
If the British Green Paper is to be believed, such problems are only likely to get worse. "The armed forces' dependence on space [communications] has grown rapidly over recent years," it said. "This makes us vulnerable... it is likely to become more difficult for our armed forces to maintain a technological edge over the range of potential adversaries."
New IT Term of the day
social shopping
A slang term used to describe networked shopping. In electronic commerce it refers to consumers who use social networking services and sites to share their latest purchases, deals, coupons, product reviews, want lists, and other shopping finds. Some people may use affiliate links when they write about shopping and products on social spaces including MySpace, Facebook, Twitter and other networking services.
Confess you were wrong yesterday; it will show you are wise today.
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also needs this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.
Hotmail: Free, trusted and rich email service. Get it now.
No comments:
Post a Comment