HaVe a NiCe dAy

Showing posts with label hacking. Show all posts

Friday, 13 December 2013

TeamBerserk hacktivists use US judge's credit card to buy sex toys for him

TeamBerserk hackers are back.
They've sided with a sheriff in the US state of Texas in a dispute over a teacher picking thrown-away school furniture out of the trash, have leaked 23 documents stolen from the judge's computer, have used the judge's credit card to order what Softpedia reports is a total of 18 sex toys, and have shown prodigious talent at making images out of keyboard characters that will forever change the way you view "x", "@" and "s" if you click through to their Pastebin message.
(Warning: At least one of the Pastebin images is probably NSFW, although they'd be very appropriate for a gallery show on keyboard character artwork.)
The TeamBerserk crew align themselves with the Anonymous hacktivist brand but carry out their own operations.
In October, they announced that they were taking a breather from their attacks, which they say have been carried out against such organizations as the US Office of Personnel Management, HITRUST, Interactive Data, CITIC, the Chinese University of Hong Kong, New Mexico ISP Plateau, The West Australian, Loretto Telecom, and California-based ISP Sebastian.
Now, they're back, as spotted by Softpedia's Eduard Kovacs, and they're ready for more lulz, as they said in their comeback message:
After many days at port, days filled with rum, women and lulz - which have recovered us. We have again united for an explosive several weeks of exploitation, mayhem and LoLz.
In the Pastebin message, they threatened "corporations and governments", with Judge Souli A. Shanklin appearing to be their first target as part of ProjectMayhem, a campaign Anonymous first announced in 2011.
The dispute with Judge Shanklin dates back to a conflict that flared up in September between Edwards County Sheriff Pam Elliott and Rocksprings Independent School District Superintendent David Velky.
After claiming to have analyzed the case, the hackers said that they're on the sheriff's side:
We TeamBerserk agree with Sheriff Pam Eliott [sic]. You have been placing pressure on board members to do your bidding and you have concealed information. This information will be publicly available soon.
At this very moment we are sorting through and analyzing all of your accounts. We have gained remote access to your cell phones and we have conversation logs between you and various, shall we say.. characters of shady backgrounds.
All of your Android devices are under our control as well as your personal nets.
TeamBerserk claims to have ordered several dildos from Velky's Amazon account, as they did from Judge Shanklin's account, and published screenshots as proof.
Kovacs reported on Wednesday that the hackers hijacked Velky's LinkedIn account and leaked seven more documents related to Judge Shanklin.
Although some might see these antics as amusing, let's get serious kids. Don't try this at home.
As it is, when TeamBerserk went on hiatus in October, it noted that various members had just finished jail terms.
Credit card fraud is illegal, as it should be, even if you use the stolen credit card to send truly tasteful Christmas gifts such as those selected by TeamBerserk.
The US legal system doesn't have much of a sense of humor.
For evidence of that, you don't have to look any further than to the $183,000 penalty dished out to Eric Rosol this week for participating in an Anonymous-organized DDoS against Koch Industries for one measly minute.
High financial penalties and jail terms against hackers and 'hacktivists' alike are rife.
Is it really worth the lulz?

Saturday, 7 December 2013

Stealing Computer Data through Speakers is Possible Now!

“Your digital data can now be filched from your computer in the form of audio signals.” Does this sound like a line of dialogue from a science fiction movie? I can vouch that it may become reality anytime soon.
Security researchers from Germany have developed a new sort of computer malware that can steal your passwords, login information or any other data from a PC and transfer it in the form of an audio signal to a nearby PC; these audio signals are not even audible to humans, as their frequency is outside the human hearing range.
Researchers Michael Hanspach and Michael Goetz managed to use the built-in speakers and microphones of computers to transmit passwords and other data at a rate of 20 bits per second over a distance of almost 20 meters, allowing the malware to covertly leak critical data to the outside world.
According to the Abstract part of their research paper,
“We construct a covert channel between different computing systems that utilizes audio modulation/demodulation to exchange data between the computing systems over the air medium.”
In case you don’t know, a covert channel is a way to transfer information between processes that are not authorized to communicate.
Furthermore, the researchers wrote,
“If we want to exploit a rigorously hardened and tested type of computing system or networks of this type of computing system, we have to break new ground”.
Speakers and microphones are often disregarded in security planning, and by using frequencies outside the human hearing range, such data could apparently escape detection even when transmitted across a crowded workplace.
The analysis used five Lenovo T400 laptops running Debian 7.1, and was performed in a standard computer lab with no particularly unusual audio characteristics. Transmissions were sent at around 20 kHz and were found to be totally inaudible to humans during the experiment. The paper suggests that this frequency could be even higher, to make it even less probable to be caught, but this would lessen the broadcast range.
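One way a defender could check a microphone capture for the kind of near-ultrasonic carrier described above, as an added example that is not from the researchers' paper or the original post. The 18-22 kHz watch band, the 48 kHz sample rate, the 2% energy threshold and the constructed test capture are all assumptions.

```python
import math

RATE = 48000            # samples per second; must exceed twice the highest watched frequency
FRAME = 480             # 10 ms frames, so DFT bins sit 100 Hz apart
BAND = (18000, 22000)   # assumed watch band around the ~20 kHz carrier
THRESHOLD = 0.02        # assumed: flag frames with more than 2% of energy in the band


def goertzel_power(frame, k):
    """Return |X_k|^2 for one DFT bin using the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def band_fraction(frame, rate=RATE, band=BAND):
    """Fraction (0.0 to 1.0) of the frame's energy that lies inside `band`."""
    total = sum(x * x for x in frame)
    if total == 0.0:
        return 0.0
    n = len(frame)
    lo, hi = (round(f * n / rate) for f in band)
    in_band = sum(goertzel_power(frame, k) for k in range(lo, hi + 1))
    return 2.0 * in_band / (n * total)      # Parseval scaling for a real signal


def longest_ultrasonic_run(samples, threshold=THRESHOLD, frame=FRAME):
    """Longest run of consecutive frames whose in-band fraction exceeds threshold."""
    best = run = 0
    for start in range(0, len(samples) - frame + 1, frame):
        if band_fraction(samples[start:start + frame]) > threshold:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def constructed_capture(carrier_frames=None, frames=30):
    """Constructed capture: two audible tones plus an optional 20 kHz burst.

    carrier_frames is a (first, end) pair of frame indexes where the burst is present.
    """
    out = []
    for i in range(frames * FRAME):
        t = i / RATE
        v = 0.5 * math.sin(2 * math.pi * 440 * t) + 0.3 * math.sin(2 * math.pi * 1000 * t)
        if carrier_frames and carrier_frames[0] <= i // FRAME < carrier_frames[1]:
            v += 0.2 * math.sin(2 * math.pi * 20000 * t)
        out.append(v)
    return out


if __name__ == "__main__":
    quiet = longest_ultrasonic_run(constructed_capture())
    burst = longest_ultrasonic_run(constructed_capture(carrier_frames=(10, 20)))
    print("frames flagged without carrier:", quiet)
    print("longest flagged run with carrier:", burst, "frames of 10 ms")
```

A sustained run is the useful signal here: at 20 bits per second a transmission lasts far longer than a stray click or hiss, so an alert would normally require many consecutive flagged frames.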
During the experiment, the researchers were able to covertly log the keystrokes made by a user at one computer and broadcast them over audio through a chain of other computers until the message reached a machine connected to the internet and was sent on to a malicious attacker, despite the slow transmission rate.
“Alongside keystroke information it would also be possible to forward other security critical data such as private encryption keys or small-sized text files with classified information from the infected victim to the covert network,” said researchers.
Now there is a good reason for you to disconnect your built-in mics and speakers. Although it is pretty impractical, it might be worth doing on a governmental level.
We already train dogs to sniff for bombs and drugs. Clearly, the time is not far off when we shall be training them to hear malware too.
On a related note, the NSA would be considering implementing this new technique somewhere in the world. So watch out!

Wednesday, 4 December 2013

Is http://www.getmonthlypay.com/ scam? Yes Scam

Can't use this website; it's a fake website, in my personal experience. They use this website just for generating traffic.

Monday, 2 December 2013

Drupal security update fixes a laundry list of problems, including "predictable random numbers"

The Debian Linux security team recently pushed out a wry security advisory for popular web content management system (CMS) Drupal.
As we've written before, CMSes and online forum software - applications that let you design, create, store, edit, backup, keep track of, and publish your website - are a popular target with cybercrooks.
After all, if a crook can get into your CMS, he can upload his own malicious downloads and booby-trapped web pages, and your server will helpfully store, organise and deliver his malware to an unsuspecting public.
You provide the brand, the reputation, the URLs and the bandwidth, and he doesn't even have to figure out how to wrangle his dodgy content into your databases or directory structure - he can point-and-click just like you would, and the CMS will do the heavy lifting.
That lends a certain pertinence to the security summary in Debian Security Advisory DSA-2804-1, given the laundry list of fixes since the previous Drupal update back in August:
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting.
Now THAT's what we call a vulnerability list!
Even Linus Torvalds, the rudest man in Linuxdom, has let rip about randomness lately.
Cryptography needs good-quality random numbers, so we went looking to see what Drupal had been doing wrong and how it had fixed the problem.
Amongst other things, the old code used a PHP function called mt_rand() for generating random passwords.
The mt part stands for Mersenne Twister, a highly-regarded pseudorandom number generator for non-cryptographic purposes.
The Twister is very fast, reliably produces an unbiased stream of 32-bit integers that doesn't repeat except on geological timescales, but it is designed for use in applications such as simulations and statistical analysis, not for cryptography.
The authors' own website makes this abundantly clear:
In short, if you know the last few hundred random numbers produced by the Twister, you can precisely reconstruct the internal state of the generation engine - clone it, in other words - and thus work out everything that comes next.
Worse still, the Drupal code didn't even bother to generate a decent-quality random starting seed for its Twister functions on startup, so you might even have been able to predict the initial state of the generator, and thus to predict all its outputs, not just those after you'd cloned the internal state of an already-running Twister.
Drupal's new code uses a function that at least tries to use a cryptographic-quality random generator, drupal_random_bytes(), calling OpenSSL or reading from Unix's /dev/urandom.
→ Under most Unix and Unix-like operating systems, /dev/urandom is a special file that can be opened and read in, just like a regular file such as a document or image. But the content is produced by a high-quality random generator running inside the kernel. Because any program that can read files can use /dev/urandom, there isn't really any excuse for trying to invent your own source of randomness.
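The cloning property described above can be shown with Python's `random` module, which is also a Mersenne Twister (MT19937). This is an added example, not Drupal's code, and it goes slightly beyond the page by placing the weak pattern beside a generator backed by the operating system's CSPRNG; the function names, seed and alphabet are assumptions.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # assumed password alphabet


def _undo_xor_lshift(y, shift, mask):
    """Invert y ^= (y << shift) & mask by fixed-point iteration."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x


def _undo_xor_rshift(y, shift):
    """Invert y ^= y >> shift by fixed-point iteration."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def untemper(out):
    """Map one 32-bit MT19937 output back to the state word that produced it."""
    y = _undo_xor_rshift(out, 18)
    y = _undo_xor_lshift(y, 15, 0xEFC60000)
    y = _undo_xor_lshift(y, 7, 0x9D2C5680)
    return _undo_xor_rshift(y, 11)


def clone_generator(outputs):
    """Rebuild a Twister from 624 consecutive 32-bit outputs."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    # Index 624 tells the generator to regenerate its state on the next call.
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def weak_password(rng, length=12):
    """The pattern the page criticises: password characters drawn from the Twister."""
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=12):
    """Hardened form: characters drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def demo(seed=20131202):
    """Return (predicted, actual) for a password generated after 624 visible outputs."""
    app_rng = random.Random(seed)        # constructed stand-in for an application's Twister
    observed = [app_rng.getrandbits(32) for _ in range(624)]
    predicted = weak_password(clone_generator(observed))
    actual = weak_password(app_rng)      # what the application generates next
    return predicted, actual


if __name__ == "__main__":
    predicted, actual = demo()
    print("prediction matches:", predicted == actual)
    print("CSPRNG password   :", strong_password())
```

Nothing in `strong_password` has state that earlier outputs reveal, which is the property the Drupal fix was after when it moved to drupal_random_bytes().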
If you're a Drupal user, get the update.

If you're a Drupal coder, leave the cryptography to cryptographers.

Saturday, 23 November 2013

Spam from an anti-virus company claiming to be a security patch? It's Zbot/Zeus malware...

Julie Yeates of SophosLabs (thanks Julie!) alerted us earlier today to a spam campaign that seemed to originate from a whole raft of different security and anti-virus companies.
The messages have a variety of subject lines, such as:
Windows Defender: Important System Update - 
  requires immediate action

AVG Anti-Virus Free Edition: Important System Update - 
  requires immediate action

AVG Internet Security 2012: Important System Update - 
  requires immediate action

Kaspersky Anti-Virus: Important System Update - 
  requires immediate action

Microsoft Security Essentials: Important System Update - 
  requires immediate action
The emails are all very similar, claiming to include an important security update to deal with "the new malware circulating over the net".
The parts shown in pink above vary from email to email, but the bulk of the content stays the same:
Important System Update - requires immediate action
It's highly important to install this security update due to the new malware circulating over the net. To complete the action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode. Please pay attention to this matter and inform us in case there is a problem.
The email doesn't explicitly mention the CryptoLocker ransomware that locks your files and tries to sell them back to you.
But there is little doubt that many recipients, having heard of the ongoing saga of CryptoLocker, will be more inclined than usual to read on.
It's all a pack of lies, of course.
There is no "system patch KB923029," and even if there were, neither Microsoft nor any other reputable company would send out security updates as email attachments.
Also, if you are a native speaker of English, you should spot a number of niggling errors of usage and grammar in the text of the email.
→ The fact that an email is grammatically flawless, in English or any other language, is not an indicator of legitimacy. But language blunders in English, in an email purporting to come from the New York office of a legitimate software company, are a strong indicator of bogosity. If the crooks can't even be both to trying rite and spel decent, you may as well use their linguistic sloppiness against them.
The ZIP file contains an EXE (a program file); that program file is one of the many variants of the Zbot malware, also known as Zeus, that we see on a regular basis.
You're expected to open the ZIP and run the program inside, which has a name like this:
HOTFIX_patch_KB_00000...many digits...56925.exe
There's nothing wrong with having an EXE inside a ZIP file.
But a ZIP that contains only an EXE, and that was delivered by email, is just as suspicious as a plain EXE that arrives as an attachment.
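A mail-gateway style check for the two tells described above (the shared subject wording and a ZIP that holds nothing but an EXE), written as an added example rather than anything from SophosLabs. The extension list, function names and sample attachments are constructed assumptions.

```python
import io
import re
import zipfile

# Wording shared by every subject line quoted above; whitespace is matched
# loosely because the subjects wrap around the dash.
LURE_SUBJECT = re.compile(
    r"Important System Update\s*-\s*requires immediate action", re.IGNORECASE)

# Assumption: extensions treated as directly runnable on Windows.
RUNNABLE = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def zip_members(data):
    """Return the file names inside a ZIP, or None if the bytes are not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [info.filename for info in zf.infolist() if not info.is_dir()]
    except zipfile.BadZipFile:
        return None


def triage(subject, attachment_name, attachment_bytes):
    """Return the list of reasons a message should be quarantined (empty if none)."""
    reasons = []
    if LURE_SUBJECT.search(subject):
        reasons.append("subject matches fake-update lure")
    name = attachment_name.lower()
    if name.endswith(RUNNABLE):
        reasons.append("executable attached directly")
    elif name.endswith(".zip"):
        members = zip_members(attachment_bytes)
        if members is None:
            reasons.append("attachment is not a readable ZIP")
        elif members and all(m.lower().endswith(RUNNABLE) for m in members):
            reasons.append("ZIP contains only executables")
    return reasons


def constructed_zip(names):
    """Build an in-memory ZIP with placeholder contents (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    lure = constructed_zip(["sample_patch.exe"])
    mixed = constructed_zip(["minutes.docx", "installer.exe"])
    print(triage("Kaspersky Anti-Virus: Important System Update - requires immediate action",
                 "update.zip", lure))
    print(triage("Project files", "bundle.zip", mixed))
```

The mixed archive passes on purpose: as the article says, an EXE inside a ZIP is not wrong in itself, and it is the ZIP holding only an EXE that deserves the same treatment as a bare executable.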
If you do run it, the EXE installs itself into:
C:\Documents and Settings\%USER%\Application Data\
with a random filename, and adds itself to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\
   CurrentVersion\Run
so that it gets launched every time you reboot or logon.
We shouldn't need to remind you, but we'll do so in case you want to remind someone else:
  • Don't open email attachments you weren't expecting.
  • Don't believe emails that claim to be sending you a security patch - by email.
  • Don't ignore clues such as poor grammar or spelling in emails that claim to be official.
  • Don't neglect to keep your software patches up to date - but never by email.

Have you heard of the Happy Hour virus?


Friday afternoon fun

Vigilant Naked Security reader Betty Kann has alerted us to an online service that she felt security-conscious sysadmins ought to be made aware of.
We thought so too, but ended up on the horns of a "disclosurelemma."
That's where warning administrators in case their users access the service and thus trivialise computer security might cause users to access the service and thus trivialise computer security.
Created by an advertising agency in Boulder, Colorado, the website, called Happy Hour Virus, lets you deliberately simulate a security problem in order to leave work early.
"We expect this problem to peak on Friday afternoons," said David Ullard, the CYO of Boulder-based productivity and workplace security action group Boulder Online Regulators of Interactive Network Games. "This is a true cross-platform threat, with modules for Windows, Mac and Linux users, each accessible with just a single click from any major browser."
Ullard, whose research has revealed that the site uses a command-and-control protocol called HTTP over network port 80, warns that some firewalls already permit this sort of traffic by default.
HTTP over port 80 is used by hundreds, if not thousands, of American business users every year for online activities as diverse as finding recipes, making contact with people they didn't like at school but suddenly want to be friends with 23 years later, and looking up the latest dollar value of Bitcoins.
The work-avoidance simulations used by Happy Hour Virus are as follows.
Mac users can pretend their Mac has shut down unexpectedly, though we suspect many administrators will see through this ruse, because Macs don't get viruses and thus cannot actually crash at all:
Linux users get to simulate what happens when they accidentally mix the experimental open source kernel drivers for their oddball graphics card with the proprietary window manager support modules provided by the card vendor:
And Windows users get what actually turns out to be an anachronism - an old-school Blue Screen of Death in the wrong font:
With nearly 102.6% of IT administrators already having moved their entire business away from Windows XP onto Windows 8, months before Microsoft's official deadline, we're surprised that the Happy Hour Virus didn't go for a more modern look:
Administrators who want to have something to do while everyone else has ducked out early thanks to the Happy Hour virus may want to ask their Change Control Committee (those who aren't already in the pub, at any rate) for a ruling on the following:
  • Blocking outbound access to any port with an "8" in it.
  • Removing all web browsers except Lynx to prevent bogus graphics from appearing.
  • Sending out an email to all staff saying, "Do NOT UNDER ANY CIRCUMSTANCES visit the website called happyhourvirus.com."
Have a good weekend!

Thursday, 31 October 2013

Anonymous threatens Singapore with hacking attacks, calls for November 5 protest... perhaps


An anonymous person, claiming to be Anonymous, recently fired off a hacking threat against Singapore's financial systems. Should this threat be taken seriously?

"You can't have your privacy violated if you don't know your privacy is violated"
House Intelligence Committee Chairman Mike Rogers suggested during a hearing at the US National Security Agency (NSA) on Tuesday that it’s impossible to have your privacy violated if you don’t know that your privacy is being violated.

Has Microsoft just PROVED why you should upgrade from XP?
Microsoft just published its January-to-June 2013 Security Intelligence Report. The results seem to PROVE that you should get rid of Windows XP as soon as you can. Paul Ducklin checks the strength of the "proof"...

Adobe breach THIRTEEN times worse than thought, 38 million users affected
Adobe originally estimated that the breach affected around 2.9 million users. As it turns out the number is actually 38 million, with the information taken including Adobe IDs, encrypted passwords, customer names, encrypted debit and credit card numbers, expiry dates and customer order details.

Thursday, 13 June 2013

Hacking campaign targeted Iranian Gmail users before elections: Google

Thousands of Gmail accounts belonging to Iranian users have been targeted in a mass hacking campaign in the weeks leading up to Friday's closely watched presidential election, Google Inc said on Wednesday.

The U.S. Internet company said the increase in "e-mail-based phishing" attacks, which try to trick unsuspecting Gmail users into giving up their user names and passwords, appeared to be "politically motivated" in connection with Iran's presidential election on Friday.


Google, which has a policy of notifying users of "state-sponsored attacks and other suspicious activity," did not identify the perpetrators, who appear to be the same group behind a 2011 Gmail hacking campaign that involved fraudulent digital certificates.

The most recent phishing campaign started about three weeks ago, Google said. The "timing and targeting of the campaigns" suggested a connection to the polls, Google said without elaborating.

On its security blog on Wednesday, the company posted a screenshot of a phishing e-mail purporting to be from Google administrators. The e-mail, sent from the account "Email.Settings @ gmail.com," contains a link to a fake sign-in page that asks for Gmail user credentials.

Google has said.

told the press.

Monday, 13 May 2013

Altaf Hussain in response to threats from TTP, MQM's website hacked


In the middle of the post-election drama, the MQM's official website has been hacked by a group of hackers calling themselves "Tehrik-i-Taliban Pakistan".

This is the first time a hacker group with the name TTP has emerged, and this is probably the group's first hacking case. We are already in the process of collecting information about the hackers.

Altaf Hussain - who have crossed and they should not talk to people like hackers of Pakistan, MQM left the message on the site, the party leader said.

It may be that MQM leader Altaf Hussain in Karachi yesterday were protesting against election fraud, who allegedly PTI protesters had threatened to kill recalled.

Hackers added:

Thursday, 9 May 2013

Cyber bank robbers get away with $45mn around the world: United States


New York: Cyber thieves around the world stole $45 million by hacking into debit card companies, removing cash withdrawal limits and then helping themselves from cash machines, U.S. officials said Thursday.

The large-scale robbery took place "in a matter of hours," the U.S. prosecutor's office in Brooklyn, New York, said.


New York prosecutors unveiled charges against eight people accused of setting up a cell in a plot that stretched across 26 countries. The cell allegedly raised $2.8 million in cash, and its members face charges of access device fraud and conspiracy to commit money laundering.

Seven of the eight were arrested, the U.S. attorney's office said. The eighth, Alberto Yusi Lajud-Pena, the leader, nicknamed "Albertico" and "Minister", is reported to have been killed two weeks ago, the office said.

"The Internet has reached across the world stretched participated in large-scale 21st century bank robbery defendants and their co-conspirators," U.S. Attorney Loretta Lynch said in a statement.

"Guns and masks in place, the cybercrime group used laptops and Internet access."

Saturday, 4 May 2013

Alaska students take over classroom computers by phishing


In Alaska, a group of middle school students took control of their classroom computers after phishing for administrator privileges.

According to reports, the 12- to 13-year-olds at Schoenbar Middle School used a fake software update to get teachers to enter the administrator name and password.


We group students' PCs to control access and use of their information.

We usually party on their computer was not responding to the complaint.

The Associated Press said at least 18 students were involved in the ruse to take control of the 300 computers allocated for student use at the school in the city of Ketchikan, Alaska.

People's computer was seized.

Friday, 26 April 2013

Dutchman arrested by police over alleged Spamhaus web attacks


Authorities in Barcelona have arrested a Dutchman over his alleged involvement in one of the Web's largest cyber attacks, the BBC reported today.
Spanish police arrested 35-year-old Sven Kamphuis, Cyberbunker

Monday, 8 April 2013

Pakistani Hackers Deface Over 1,000 Indian Election Commission Websites


In response to the hacking of the Election Commission of Pakistan's website by Indian hackers, a hacker group from Pakistan said it hacked 1,000 Indian Election Commission websites.

Friday, 22 March 2013

Seoul: Use of China Server in Cyberattack Fits Pyongyang M.O.


South Korea to North Korea on Wednesday for a massive cyberattack is the focus of suspicion, a Chinese university student group that monitors online activity win a prize, a new Asian destinations app on America sets, and an online advertising scam page view possible leads for appointment of an oral hygiene.

Thursday, 28 February 2013

MiniDuke hackers zero in on Euro governments using Adobe flaw


PDF files look legitimate, but it is a complex malware popular Adobe governments across Europe, as well as a few U.S. organizations with hacking software download was used. Although it is not known what the hackers were after, individuals and event agencies latest security patches once downloaded, highlights the need to download.

It's a highly customizable piece of malware hackers that governments

Monday, 25 February 2013

Britam defense site hacking, leaked confidential documents by JAsIrX


Hacker attack on the site and the reasons why the documents were made public.

According to the Post:

Hi,

I am JAsIrX with your server after hacking defense Britam download documents will be shared.
This web site (the web site) on the server located in Malaysia. Web site with the same IP bugs are found and this site is uploaded via the web shell.

1-16 February 2013 Cyber Attacks Timeline


Timeline for February is the essence of cyber attacks. The social network probably a month or two "complex" for cyber attacks will remember: Facebook and Twitter.

But the attacks against two major social networks that period were not only significant events. Other governmental and industrial targets high (state-sponsored) running cyber criminals have fallen under: Government targets listed by the U.S. Department of Energy and Japan's Foreign Ministry is headed, while Bit9, a basic security firm was also targeted leadership Chart industrial purposes.

The U.S. vulnerable to attack Express, 2GB Data Capacity


@ TN_cyberarmy just us and other media are central American Express website allows access to the data sites contact exploit is announced.

which more than 2GB but so far has not been touched or my knowledge leaked yesterday.

Before that, he was first announced that American Express was violated.

They exploit proof of concepts have provided a screen cap.

{Anonymous} in memory of Aaron Swartz U.S. federal website hacked to death

RSS 1.0 programmer and co-author of the youngster, Aaron Swartz several documents related to the MIT and Jstor was charged with theft, and the pressure has chosen to take his own life. Since then, Anonymous collective official site of the University of holes, and now the punishment Commission has decided to hack the portal.

The hacktivist group Anonymous, according to an official

Saturday, 23 February 2013

Windows For Android Tablet.


First step: Download Android SDK
To start, you will need to install the Android SDK: http://developer.android.com/sdk/index.html
Actually setting up a working Android development environment is a whole other story - you'll need an IDE like Eclipse. But for now, we're only concerned with the adb program in the tools subdirectory.