Tag Archive for: dark

The Dark Arts: Meet The LulzSec Hackers


It’s difficult to say if [Aaron Barr], then CEO of software security company HBGary Federal, was in his right mind when he targeted the notorious hacking group known as Anonymous. He was trying to correlate Facebook and IRC activity to reveal the identities of the group’s key figures. In the shadowy world of black-hat hacking, getting your true identity revealed is known as getting doxed, and is something every hacker fears. Going after such a well-known group would be sure to get his struggling company some needed publicity. It would also have the most unfortunate side effect of getting the hacking group’s attention as well.


Perhaps [Aaron Barr] expected Anonymous to come after him… maybe he even welcomed the confrontation. After all, he was an ‘expert’ in software security. He ran his own security company. His CTO [Greg Hoglund] wrote a book about rootkits and maintained the website rootkit.com that boasted over 80 thousand registered users. Surely he could manage a few annoying attacks from a couple of teenage script kiddies playing on their parents’ computer. It would have been impossible for him to know how wrong he was.

It took the handful of hackers less than 24 hours to take complete control over the HBGary Federal website and databases. They also seized [Barr’s] Facebook, Twitter, Yahoo and even his World of Warcraft account. They replaced the HBGary Federal homepage with this declaration – with a link to a torrent file containing some 50,000 emails resting ominously at the bottom. At the same time, they were able to use social engineering techniques to SSH into the rootkit.com site and delete its entire contents.

It became clear that this handful of Anonymous hackers were good. Very good. This article will focus on the core of the HBGary hackers that would go on to form the elite LulzSec group. Future articles in this new and exciting Dark Arts series will focus on some of the various hacking techniques they used, including SQL injection, cross-site scripting, remote file inclusion and many others. We will keep our focus on how these techniques work and how they can be thwarted with better security practices.

LulzSec – For…


The dark web’s criminal minds see IoT as the next big hacking prize



John Hultquist, vice president of intelligence analysis at Google-owned cybersecurity firm Mandiant, likens his job to studying criminal minds through a soda straw. He monitors cyberthreat groups in real time on the dark web, watching what amounts to a free market of criminal innovation ebb and flow.

Groups buy and sell services, and one hot idea — a business model for a crime — can take off quickly when people realize that it works to do damage or to get people to pay. Last year, it was ransomware, as criminal hacking groups figured out how to shut down servers through what’s called directed denial of service attacks. But 2022, say experts, may have marked an inflection point due to the rapid proliferation of IoT (Internet of Things) devices.

Attacks are evolving from those that shut down computers or stole data, to include those that could more directly wreak havoc on everyday life. IoT devices can be the entry points for attacks on parts of countries’ critical infrastructure, like electrical grids or pipelines, or they can be the specific targets of criminals, as in the case of cars or medical devices that contain software.

“What I wish is that the vulnerabilities of cybersecurity could never negatively affect human life and infrastructure,” says Meredith Schnur, cyber brokerage leader for US & Canada at Marsh & McLennan, which insures large companies against cyberattacks. “Everything else is just business.”

For the past decade, manufacturers, software companies and consumers have been rushing to the promise of Internet of Things devices. Now there are an estimated 17 billion in the world, from printers to garage door openers, each one packed with software (some of it open-source software) that can be easily hacked. In a conversation Dec. 26 with The Financial Times, Mario Greco, the group CEO of giant insurer Zurich Insurance Group, said cyberattacks could pose a larger threat to insurers than pandemics and climate change, if hackers aim to disrupt lives, rather than merely spying or stealing data.

IoT devices are a key entry point for many attacks, according to Microsoft’s Digital Defense Report 2022. “While the security of IT…


Sensitive data stolen in Okanagan College cyber attack now posted to dark web, ransomware group claims


Hackers believed to be responsible for a cyber attack on Okanagan College earlier this month claim they have now posted sensitive data onto the dark web. 

On their website, the hacker group Vice Society says they have extracted and published over 850 gigabytes of sensitive data, including passwords, photos of passports, social security numbers, and credit card numbers. 

“Data that appears to belong to Okanagan College and its stakeholders has been posted on a dark website belonging to a criminal organization,” said Okanagan College in a Tuesday statement. 

The dark web refers to a part of the Internet that is accessed with special software that allows users to be anonymous, and is often used for criminal activity.

Okanagan College first warned students and staff weeks ago of the breach that occurred on the morning of Jan. 9 by an “unrecognized external agent.” 


Brett Callow, a Canadian cybersecurity threat analyst with the company Emsisoft, says Vice Society is known to target academic institutions with ransomware attacks. Ransomware is a type of malicious software that threatens to publish the victim’s personal data or block access to it until a ransom is paid. 

Callow says these demands can amount to tens of millions of dollars.

“Any data that a school district or a college can hold can potentially end up online,” said Callow. 

“There is money to be had from these attacks, there’s no doubt about that.”

Okanagan College said they have alerted authorities to the incident and did not entertain conversations about paying a ransom. 

“Regardless of the amount, even if we had paid a ransom, there still would have been no way to be absolutely certain that it would have resulted in the destruction or even non-publication of any stolen or compromised data,” the college said in a statement.

Accessible by anyone

Callow says law enforcement is getting better at identifying culprits behind ransomware attacks, but there is little individuals can do if a company or public institution has been…


The dark web gets even darker


Ransomware first came on the scene in 1989 via hackers mailing out a floppy disk.

It was called the AIDS trojan; if you put the disk in your computer, it would lock up. You were then asked to send $189 to a P.O. Box in Panama to restore your computer.

Times have changed. In recent years, ransomware sometimes asks for millions of dollars in payments to restore infected systems.

In over 25 years of working in technology, ransomware is the worst cyber threat I have ever seen.

The cyber threat group Lockbit is now the No. 1 player on the ransomware scene. They are behind almost half (44%) of the reported attacks in the world last year, according to Deep Instinct, an Israeli cybersecurity company.

Mind you, this is not a rag-tag band of digital thieves; they operate like any legitimate large business. They utilize a network of subcontractors (they call them affiliates, like Mary Kay) to distribute malware by selling ransomware tool kits on the dark web (RAAS — ransomware as a service).

Once that happens, an up-and-coming hacker goes on the dark web, buys the tool kit, and then distributes it (via email attacks and other hacks).

Once they have a victim and receive payment, they share it with Lockbit.

Having a highly effective distribution system is not the only corporate similarity. They have a robust PR team and they do interviews with the media.

Let’s not forget marketing, too: they run ads online to recruit affiliates. Shady forums like XSS (a Russian hacker forum) have some of their ads; you can check them out here on this non-dark website.

Lockbit also invests in R & D — speaking of that and Russian dark web forums, let’s go back to what Lockbit did in June 2022 when the pandemic was heating up. Lockbit sponsored a contest together on the dark web with a cash prize for an innovative paper on new methods of cybercrime, hacking, viruses, malware, etc. This is the first time I have heard of anything like this and it’s a frightening indicator of the people behind this gang.

They sponsor hacking initiatives and by doing so are coaching up the next generation of hackers and separating the script kiddies (hacker lingo) from the real bad actors.

Envision Credit Union in Tallahassee knows this…
