Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacking Tools. Show all posts
Reddit
Cyber Attacks Digital Infrastructure Hacker attack Hacking Tools North Korea Online Security Reddit

Hacker Who Took Down North Korea’s Internet Reveals Key Insight

 

Alejandro Caceres, known online as P4x, recently revealed himself as the hacker who managed to take down North Korea’s internet for over a week. This feat, conducted entirely from his home in Florida, has drawn significant attention, and Caceres recently took to Reddit to allow people to “ask him anything” about his experience hacking into one of the world’s most secretive and isolated nations. 

Caceres, a 38-year-old Colombian-American cybersecurity entrepreneur, was unmasked as the hacker behind this attack by Wired magazine. He explained that his actions were in retaliation after he was targeted by North Korean spies attempting to steal his hacking tools. In response, he decided to hit back by attacking North Korea’s internet infrastructure, a move that kept the country’s limited public websites offline for over a week. He told Wired, “It felt like the right thing to do here. If they don’t see we have teeth, it’s just going to keep coming.” In his Reddit thread, Caceres discussed the simplicity of his attack, saying, “Honestly, I’ve been asked this a lot. And I can’t really tell haha. I used to say nah it wasn’t that hard.” 

He later clarified, “People told me it wasn’t hard only because I’m trained in this.” Caceres took advantage of North Korea’s outdated and minimal internet infrastructure, which he described as “little sticks and glue.” He noted that North Korea has only two routers for internet ingress and egress, making it easier for a skilled hacker to disrupt the system. When asked about the possible consequences of his actions, Caceres admitted he had faced little to no backlash. “Everyone seems to sort of like it but cannot say that officially. Honestly, I expected a LOT more negativity just because that’s the natural order of things,” he remarked. 

The only attention he has received so far has been from intelligence agencies interested in learning how he managed the hack. He recounted how these meetings sometimes took place in basements, joking, “It was super X-Files type s**t but also like any normal meeting. Weird dissonance…” Reddit users also asked about the possible risks and repercussions of his actions. Caceres expressed surprise at not having faced any direct threats or legal actions. “I have not yet been murdered or arrested, so that’s pretty good,” he joked. 

As of now, Caceres has not faced any significant consequences beyond curiosity from intelligence agencies wanting to understand his methods. Caceres’s hack on North Korea serves as a reminder of how vulnerable even the most secretive and controlled nations can be to cyberattacks, especially when dealing with experienced hackers. While his actions have garnered admiration and a certain level of respect in online communities, they also raise questions about the potential consequences for international relations and cybersecurity norms. 

As the world increasingly relies on digital infrastructure, incidents like this highlight both the possibilities and the dangers of hacking in a hyperconnected world. Caceres, for his part, remains unrepentant and open about his motivations, positioning his actions as a form of digital self-defense and a warning against further provocations from hostile entities.
Read more »
malware
Computer Hacking Cyber Security Tool Dark Web Dark web malware Hacking Tools malware

Dark web listings for malware aimed at companies on rise


There's been a significant rise in the number of dark web listings for malware and other hacking tools which target the enterprise, and an increasing number of underground vendors are touting tools that are designed to target particular industries.

A study by cybersecurity company Bromium and criminologists at the University of Surrey involved researchers studying underground forums and interacting with cyber-criminal vendors. The study found that the dark web is fast becoming a significant source of bespoke malware.

In many cases, the dark web sellers demonstrated intimate knowledge of email systems, networks and even cybersecurity protocols in a way that suggests they themselves have spent a lot of time inside enterprise networks, raising questions about security for some companies.

"What surprised me is the extent you could obtain malware targeting enterprise, you could obtain operational data relating to enterprise," Mike McGuire, senior lecturer in Criminology at the University of Surrey and author of the study, told ZDNet.

"There seems to be an awareness and sophistication among these cyber criminals, to go for the big fry, to go where the money is, as a criminal, and the enterprise is providing that," he said, adding: "What surprised me is just how easy it is to get hold of it if you want to."

McGuire and his team interacted with around 30 sellers on dark web marketplaces – sometimes on forums, sometimes via encrypted channels, sometimes by email – and the findings have been detailed in the Behind the Dark Net Black Mirror report.

The study calculated that since 2016, there's been a 20 percent rise in the number of dark web listings that have the potential to harm the enterprise.

Malware and distributed denial of service (DDoS) form almost half of the attacks on offer – a quarter of the listings examined advertised malware and one in five offered DDoS and botnet services. Other common services targeting enterprises that were for sale include espionage tools, such as remote-access Trojans and keyloggers.
Read more »
Ransomware tool
Baltimore Cyber Attacks Hacking Tools NSA Ransomware Ransomware tool

Ransomware tool causing chaos in Baltimore was developed by NSA



A recent spate of ransomware attacks in Baltimore and other U.S. cities has been executed using a tool developed by the National Security Agency (NSA). Thousands of people in Baltimore have been locked out of their computers in the past three weeks, causing disruption across the city. And this has been enabled by a piece of software created by the NSA, according to a report in the New York Times.
The EternalBlue exploit takes advantage of a vulnerability in Microsoft Windows machines to infiltrate target computers. The software was stolen from the NSA and leaked by hackers in 2017, and since then has been used in a wide variety of cybercrinimal schemes. 2017’s WannaCry attack used the software, as did Russia’s NotPetya attack on Ukraine last year.
Now the same software is being used against U.S. citizens, causing particular problems for local governments with machines which have been disrupted. Many local governments do not regularly update their computers, leaving them vulnerable to exploits. In Baltimore, hospitals, airports, ATMs, shipping operators, and vaccine-producing factories have all been effected in the last few weeks.
The software locks the target computer’s screen, then shows a message demanding a payment of around $100,000 in Bitcoin for the target to regain access to their files. “We’ve watching you for days,” the message says, according to The Baltimore Sun. “We won’t talk more, all we know is MONEY! Hurry up!”
The NSA has never acknowledged the theft of the software or its responsibility for the cyberattacks conducted using it.
“The government has refused to take responsibility, or even to answer the most basic questions,” Thomas Rid, a cybersecurity expert at Johns Hopkins University, said to the Times. “Congressional oversight appears to be failing. The American people deserve an answer.”
EternalBlue may have been developed with good intentions to protect national security, but this event shows the problems with law enforcement or intelligence agencies having tools which allow them access to computers and phones. When such a tool is leaked, it can no longer be controlled.

Read more »
NSA
APT attacks Hacking News Hacking Tools NSA

Buckeye APT hackers stole the NSA hacking tools before Shadow Brokers leaked these tools




Buckeye APT hackers, a Chinese State sponsored group employed the tools of Equation Group which were leaked by the Shadow Brokers in 2017, a year earlier than the leaks.

Shadow Brokers is a mysterious assemblage of hackers who stole malware, hacking tools and zero-day exploits from the Equation group which is a branch under the NSA and is one of the most advanced and futuristic cyber attack groups across the world.

Conducting operations since 2009, Buckeye group, also known by the name of APT3, exploited these tools earlier for carrying out multiple attacks on to a number of organizations on their list, they did so in order to gain unauthorized access to these organizations mainly based in the United States.

Besides being responsible for exploiting zero-day vulnerabilities in 2014, the Buckeye group, a couple of years later, used 'Trojan.Bemstour', a custom exploit tool in order to reach the targets.

With the intent to attain remote kernel code execution on victims' computer systems, Bemstour exploited the following zero-day vulnerabilities on Windows – (CVE-2019-0703),(CVE-2017-0143). These were later employed by EternalRomance and EternalSynergy, two NSA owned exploit tools,

Referenced from the findings of Symantec report, “Bemstour is specifically designed to deliver a variant of the DoublePulsar backdoor. DoublePulsar is then used to inject a secondary payload, which runs in memory only. The secondary payload enables the attackers to access the affected computer even after DoublePulsar is removed. “

“The variant of DoublePulsar used in the first attacks performed by Buckeye was different to that leaked by the Shadow Brokers. It appears to contain code to target newer versions of Windows (Windows 8.1 and Windows Server 2012 R2), indicating that it is a newer version of the malware.”






Read more »
iPhone
Computer Security CyberCrime and Law Cyberhacking eBay Hacking Tools iPhone

iPhone hacking tool for sale on eBay

iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones and now its hacking tools are available to buy on eBay.

Cellebrite phone-cracking devices, beloved by law enforcement, are available at bargain-basement prices so you can get a gander at all the devices that the police have presumably been able to squeeze for data.

The Cellebrite Universal Forensic Extraction Device (UFED) is a smartphone hacking tool commonly used by the FBI, Department of Homeland Security and other law enforcement agencies in the US and elsewhere. It’s the most powerful tool yet created by the Israeli company, able to extract a huge amount of data – even data which has been deleted from phones.

Security researcher Matthew Hickey who is the co-founder of the training academy, Hacker House recently told Forbes that he’d picked up a dozen Cellebrite UFED devices for dirt cheap and probed them for data, which he found in spades.

For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.

A brand new one normally costs $5,000 to $15,000 depending on the model.

What surprised Hickey was that nobody bothered to wipe these things before dumping them onto eBay, he told Forbes:

“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere.”
Read more »
Hacking Tools
Cyber Security Hacking Tools

Facebook rewards Researchers for Vulnerability Discovery Tool

(pc- google images)
Facebook has awarded a prize of $100,000 to a team of security researchers in Georgia for finding a new class of vulnerabilities in browser-based C++ programs.

The award “Internet Defense Prize” was given at the 24th USENIX Security Symposium in Washington D.C. for projects that encourage internet safety. The payout of $100,000 was double of what was awarded to German researchers Johannes Dahse and Thorsten Holz last year, who won the prize for their paper, “Static Detection of Second-Order Vulnerabilities in Web Applications.”

This year’s prize winners; PhD students Byoungyoung Lee and Chengyu Song, along with Professors Taesoo Kim and Wenke Lee revealed a new class of C++ vulnerabilities and introduced CaVeR, a runtime bad-casting detection tool.

CaVeR performs instrumentation at compile time and uses a new runtime type tracing mechanism—the type hierarchy table—to overcome the limitation of existing approaches and efficiently verify type casting dynamically. The researchers claim to have applied CAVER to the code of the Chromium and Firefox browsers and discovered 11 previously unknown security vulnerabilities: nine in GNU libstdc++ and two in Firefox.

Facebook Security Engineering Manager Ioannis Papagiannis explains, “C++ supports two major different types of casting operators to convert one type of data into another: static and dynamic casts. Dynamic casts are checked at runtime for correctness, but they also incur a performance overhead.
People typically prefer to use static casts because they avoid that overhead, but if you cast to the wrong type using a static cast, the program may end up creating a pointer that can point past the memory allocated to a particular object. That pointer can then be used to corrupt the memory of the process."

Papagiannis said that CAVER makes it possible to have the best of both worlds: using static type casting to improve performance, but identifying type casting vulnerabilities that can then be addressed.

He added, “We all benefit from this kind of work. A large part of why Facebook has been successful in serving nearly 1.5 billion people is because we have been quick to introduce and adopt categories of systems and frameworks that prevent whole classes of vulnerabilities at once. As an industry, we need to invest in those kinds of solutions that scale.”
Read more »
Information Security
Cyber Security News Cyber Security Tool Featured Hacking Tools Information Security

Will Cyber Security Companies shift their Headquarters out of US?


Until now nuclear, radiological, chemical and biological weapons considered to be a Weapon of Mass Destruction(WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of War in an attempt to control the distribution.

The tools used for extraction of data or information, from a computer or network-capable device, or the modification of system or user data, will come under this law and is being classified as Intrusion software. Also, the tools designed to avoid detection by 'monitoring tools'( Antivirus, IDS/IPS,End point security products) will be considered as a weapon.

Any penetration testing products designed to identify security Vulnerabilities of computers and network-capable devices fall under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporate will need to go through the clearance. It could also lead to corporate getting tracked" says J.Prasanna, founder of Cyber Security and Privacy Foundation(CSPF).

Most of these Cyber Security firms either should convince their world wide clients to go through the process or shift their head quarter out of USA.

Prasanna pointed out that US government tried to stop the export of cryptography in the past. But, Russian, European and Israeli companies got advantage by the cryptography restriction.

He said that the new proposal is a bad news for the cyber security researchers. If it becomes a law, it will force them to find a new way to beat the Cyber Criminals.

"Hackers are already may steps ahead of us. Some tools like canvas and Metasploit Pro are important tool for penetration testing" said Prasanna.

Thomas Dullien, Google Researcher, said "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet" in his personal blog.


Rapid7, a Boston-based cybersecurity firm, well known for its Metasploit Pentesting framework, said that they are investigating implications of Wassenaar for Metasploit and security research, and working on comments for the consultation.

According to the proposal, the governments of Australia, Canada, New Zealand or the UK will get favorable treatment for license applications, as they have partnered with the US on Cyber Security Policy and issues.

The BIS is seeking comments before 20th July 2015 on the proposed rule. You can submit the comments here.
Read more »
Software Release
Hacking Tools Password Crackers PenTesting Tools Software Release

TNS released WPA attack tool "Reaver" that Cracks WPA within 10 Hours

Just a day after security researcher Stefan Viehbock released details of vulnerabilities in the WiFi Protected Setup (WPS) protocol that allows attackers to recover WPA/WPA2 passphrases in a matter of hour, a security firm "Tactical Network Solutions" has published an open-source tool capable of exploiting the vulnerability.

Reaver is WPS attack tool ,capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point).

There are two offerings of the Reaver tool. The free open source version, which has limited functionality and a commercial version which is user friendly and feature-rich

Download it from here:
http://code.google.com/p/reaver-wps/downloads/list


Read more »
Subscribe to: Posts (Atom)