22 March 2013

TeamSpy snooped on governments, big biz undetected for 10 years


Computer security researchers say they have uncovered a decade-long espionage campaign against governments, businesses and human-rights activists in Eastern Europe and beyond.

We're told the spying operation was partially pulled off by subverting TeamViewer - a legitimate tool for remotely controlling computers and holding meetings online. The snoopers installed the software on victims' Windows PCs and modified the code's behaviour with DLL hijacking to open a backdoor on the compromised machines. This successful tactic earned the campaign the nickname of TeamSpy and kept the hacking crew under the radar for years.
The researchers, who are based at the Laboratory of Cryptography and System Security (CrySyS Lab), said the spying team also used custom-built malware in days gone by.
......

"The campaigns are a mix of targeted attacks and conventional cyber-crime activities, for example, banking crime operations such as the Sheldor campaign."
CrySyS Lab reckoned the attacks are the work of a small and technically skilled team that has grown more sloppy over the years as complacency set in.

.....
TeamSpy's modus operandi is similar to the approach taken by the hackers behind the earlier Red October attack, although the two operations are not thought to be directly linked. The TeamSpy crew usually roped in victims using so-called waterhole attacks based on planting malicious code on websites frequently visited by people working at targeted organisations. That attack code was also injected into advertising networks that ran across the targeted regions.

A detailed technical analysis by Kaspersky Lab of TeamSpy can be found here [PDF]. ®

....



SOUTH KOREA UNDER CYBER ATTACK


SEOUL – Three South Korean broadcasters and two banks were hit by a major cyber attack this afternoon, in an apparently successful attack that has rendered system-wide computer networks unusable since 1400KST (0100EST).
KBS, MBC and YTN were all hit by the attack, as were Shinhan and Nonghyup banks, South Korean news agency Yonhap reported. KBS staff member Luke Cleary tweeted a picture of his laptop screen, apparently showing a wiped operating system:

Although no evidence has thus far been presented, a statement from the presidential office said they were investigating the possibility of North Korean involvement in the attack, and the military has upgraded its “info surveillance status” in response. Reuters, however, reported that a holding page from a hacking group known as the “Whois Team” appeared on an LG-owned website (see below video).
“The circumstantial evidence points towards North Korea, but that’s also the perfect cover for someone wanting to attack South Korea and cause mischief,” North Korea Tech blogger Martyn Williams told NK NEWS.
.......



Other links for the same story:

http://english.yonhapnews.co.kr/

http://www.northkoreatech.org/

http://www.scmagazine.com

http://www.symantec.com

15 March 2013

Britain and India to agree cyber crime joint taskforce

Britain and India are expected to agree to set up a joint task force to fight cyber crime, a move London hopes will help it safeguard the personal banking and mobile phone data of millions of Britons, much of which is stored on Indian servers.
....
It said India was set to have one of the biggest online populations by 2015 with an expected 300 million users - larger than the United States and up from the 137 million users already in India today.
......



Cybercrime-as-a-Service – A Very Modern Business


By Vishak Raman on 7 March, 2013

Cybercrime business includes a complete range of deliverables, from attack tools and methods, consulting, services, advertising, and a myriad of programs that serve as the 'product'. The more features or the more complex the service offered, the higher the price. A worrying new phrase has entered the lexicon of cybercrime - Crime-as-a-Service (CaaS). While the term is self-explanatory, it more than adequately describes how cybercrime in the 21st Century has become commoditised.
......
Just as with any other business, there are products and services available to be sold to customers. These include: consulting services such as botnet setup ($350-$400); infection/spreading services (~$100 per 1K installs); botnets and rentals, covering Distributed Denial of Service or DDoS ($535 for 5 hours per day for one week), email spam ($40 / 20K emails) and Web spam ($2/30 posts); and crimeware upgrade modules. SpyEye modules, as an example, range anywhere from $500 upwards to $10K. SpyEye is a prolific banking botnet that emerged in 2010 and can be upgraded to enable advanced features for money laundering.
.......



Chinese hackers breach DRDO systems; steal cabinet committee on security files


Saikat Datta l @saikatd

New Delhi: A successful Chinese hacking attack has caused what is arguably the biggest security breach in India with systems of hundreds of key DRDO and other security officials being compromised and leading to the leak of sensitive files related to the cabinet committee on security (CCS), the highest decision-making body for security issues of the government of India. 
The other stolen files recovered so far belong to the governments of the United States, Russia, and South Korea.
....

As they continued to trace the breach, they discovered thousands of top secret CCS files, and other documents related to surface-to-air missile and radar programmes from DRDL, a DRDO laboratory based in Hyderabad, among many other establishments. 
Even the e-tickets of the scientists who had travelled to Delhi in February were found on the server. 
The intelligence officials also discovered documents of deals struck between DRDO and Bharat Dynamics Ltd, a defence PSU which manufactures strategic missiles and components. Some other recovered files were related to price negotiations with MBDA, a French missile manufacturing company.
But the shocking part was the extent of the hacking by the Chinese, believed to be officially sponsored. 
.......


Doctors used silicone fingers to fool fingerprint scanner


The story broke when Globo TV managed to get its hands on a video that shows 29-year-old doctor Thauane Nunes Ferreira first clocking in at work by pressing her own finger onto the device, then doing the same for two colleagues by using silicone fingers.

In the footage, she seems uncomfortable doing it and collecting the slips of paper that proved that those persons had checked in. After being arrested, she admitted to having done it for a while, but pointed out that she was coerced into doing it by Jorge Cury, the head of the emergency room.
