[ISN] So Who Hacked EC-Council Three Times This Week?

http://www.infosecnews.org/so-who-hacked-ec-council-three-times-this-week/ By William Knowles Senior Editor InfoSec News February 28, 2013 On February 22nd 2014 the EC-Council website was broken into and defaced by Eugene Belford (a.k.a. The Plague). For those of you living in a cave, or a compound outside of Abbottabad for the last 13 years, The EC-Council is an Albuquerque New Mexico based organization that offers security professionals a reasonably inexpensive certificate among other security certificates. to be compliant with DoD 8570. The website was defaced, and its content was replaced with a picture of Edward Snowden, and an HTML comment that gives away the identity of the “hacker” that compromised the EC-Council website. After EC-Council wrestled back control of their site, a known password was reused, and two days later re-defaced the website showing the mail from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains. After the hacker mentioned “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” conspiracy rumors were swirling about who may have attacked the EC-Council website. Foreign training companies, secret squirrels, the Chinese, Russians, non-state actors. On February 25th, EC-Council website was defaced a third time. The folks at r000t’s Blag have found done some digging and on the surface its pretty damning evidence. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] UK man charged with hacking Federal Reserve

http://www.computerworld.com/s/article/9246650/UK_man_charged_with_hacking_Federal_Reserve By Grant Gross IDG News Service February 27, 2014 A British man faces new charges in the U.S. for allegedly hacking into the Federal Reserve Bank’s servers and stealing names, email addresses and other personal information of the bank’s computer users. Lauri Love, already facing charges in New Jersey and Virginia, is charged with one count of computer hacking and one count of aggravated identity theft in U.S. District Court for the Southern District of New York, said Preet Bharara, the U.S. attorney there. Documents charging Love in New York were unsealed Thursday. “Lauri Love is a sophisticated hacker who broke into Federal Reserve computers, stole sensitive personal information, and made it widely available, leaving people vulnerable to malicious use of that information,” Bharara said in a statement. “We place a high priority on the investigation and prosecution of hackers who intrude into our infrastructure and threaten the personal security of our citizens.” It was unclear who is representing Love in the U.S. cases. Love used a SQL attack to infiltrate the bank’s servers, according to a press release. In late December 2012, Love told other hackers in an IRC chat room that he had gained control of the server for the Federal Reserve Bank in Chicago, according to the indictment in New York. He also gained access to a Federal Reserve Bank server in New York, the U.S. Department of Justice alleged. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] How a Hacker Intercepted FBI and Secret Service Calls With Google Maps

http://valleywag.gawker.com/how-a-hacker-intercepted-fbi-and-secret-service-calls-w-1531334747/ By Nitasha Tiku ValleyWag February 27, 2014 Earlier this week, Bryan Seely, a network engineer and one-time Marine, played me recordings of two phone calls (embedded below.) The calls were placed by unwitting citizens to the FBI office in San Francisco and to the Secret Service in Washington, D.C. Neither the callers nor the FBI or Secret Service personnel who answered the phone realized that Seely was secretly recording them. He used Google Maps to do it. Yesterday, Gizmodo reported on how easy it was for Seely to spam Google Maps with fake listings. Seely has revealed to Valleywag a more troubling way to exploit the Google’s laissez-faire attitude toward verification—loopholes the international search megalith has known about for at least four years. The callers that Seely recorded thought they were speaking directly to the government agencies because they looked up the telephone number on Google Maps. What they didn’t know was that Seely had set up fake listings for the San Francisco FBI office and Secret Service in Washington, D.C., displaying numbers that went to a phone account he set up rather than the federal offices. After Seely’s numbers received the calls, they were seamlessly forwarded to the real offices the callers were trying to reach, only now the audio of their conversations with real federal agents was being captured by Seely. Seely told Valleywag: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] China ramps up cybersecurity efforts, strives to become “Internet power”

http://news.techworld.com/security/3504470/china-ramps-up-cybersecurity-efforts-strives-to-become-internet-power/ By Michael Kan Techworld 28 February 2014 China is bolstering its efforts on cybersecurity with a new high-level committee that aims to turn the nation into an “Internet power,” the country’s official state media said Thursday. Chinese President Xi Jinping is leading the new government body, which held its first meeting on Thursday. Xi was quoted as stating that cybersecurity and information technology had become a matter of national security. “Without cybersecurity there is no national security, without information technology there is no modernization,” Xi added. Increasingly, China has found itself embroiled in cybersecurity issues. Over the years, the nation has fended off accusations that it carries out state-sponsored hacking attacks. Those allegations reached fever pitch last year when a U.S. security firm claimed it had documented evidence that China’s military had spearheaded cyberattacks against the U.S. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hackers arrested over data leakage

http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2985550 BY CHOI MO-RAN joongang.co.kr Feb 27, 2014 Authorities said yesterday that they have arrested three hackers suspected of leaking the personal data of 17 million people from 225 websites. The Incheon Metropolitan Police Agency announced yesterday that it had arrested the trio, who stole personal data from Korean websites and sold it to loan lenders and chauffeur service companies in exchange for about 100 million won ($93,793). According to the police, the websites’ security networks were not secure enough to prevent infiltration. The hackers uploaded malicious coding onto posts on online boards, gaining control over the domain once site administrators clicked on them. The hackers told the police that they were easily able to steal the personal data since most of the websites didn’t encrypt the personal data of their members. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail