Sunday, 19 February 2017

On 01:11 by Vismit Rakhecha
NOIDA: A bank official has registered a case against an unknown person for allegedly hacking his WhatsApp account and posting indecent messages to people in his friend list and also in different groups. The complainant is a resident of Sector 37. He works with a private bank in Sector 29.

Cyber Crime Investigation (CCCI) for investigation.

The complainant said that someone hacked his WhatsApp account late on Friday night and sent some offensive messages. In the morning his friends called to inform him that there was something wrong with his phone, as they had received offensive content from his WhatsApp account.

The victim checked his phone but did not find the message delivered from his phone. The victim told police that someone hacked his WhatsApp account and delivered the message through WhatsApp Web, from a remote location using a computer.

Vivek Ranjan Rai, inspector CCCI Noida, said that they are investigating the matter.

Saturday, 18 February 2017

On 02:58 by Vismit Rakhecha
Parents are being warned that a popular child’s toy doll could be hacked into by online predators.
The My Friend Cayla doll can be “easily hacked”, according to one North Wales computer expert, and there are fears that any reasonably capable hacker could pair up with the device and communicate with children through it.

One worried parent from Rhyl, whose daughter has one of the popular toys, told the Daily Post she wouldn’t be activating it after hearing about the risks. Families in Germany have just today (Friday) been instructed to destroy the toy over fears it could be used as a surveillance device.
Cayla has previously been named as a Christmas bestseller and is effectively a bluetooth headset dressed as a doll.
She’s designed to be your best friend and will talk at length about her hobbies, pets, and favourite foods. With the help of a Wi-Fi connection, she can even answer trickier questions about geography and celebrities.

But hackers have found a way to get into Cayla’s system to modify commands and change her responses to questions, making her say anything they want - including words on her 1500-strong ‘bad’ list.
If your phone is off or out of range, any device could effectively connect with Cayla via bluetooth and therefore communicate with your child.

Security researchers say the doll could be made safer by having a number or password, which owners would have to enter in order to connect via bluetooth, and so prevent unwanted pairings.
But Will Davies, who runs Prestatyn-based IT company Interwebi, said the safeguards could be easily bypassed.

He told the Daily Post: “Cayla is basically a bluetooth headset inside a doll that interacts with the internet, you can even make calls from it.

“The root of the problem is the ease of access to the database of ‘safe’ statements - this can be easily hacked once a rogue device pairs with it.

“The database has been encrypted but isn’t secure, so for example I could just change: ‘I love going to toy shops,’ to something horribly sinister if I chose to.

“I could also remove all the ‘unsafe words’ from the doll, so that if someone said a profanity, the doll is programmed to say ‘I don’t want to talk about that’ but I could change the default response to whatever I wanted.

“There’s nothing you can actually do to lock the doll down to prevent hacking.

“Effectively, the encryption is an empty gesture so it’s like locking your front door, but leaving the keys on the doorstep.”

Mr Davies advised parents: “Keep the master bluetooth in range to avoid hacking, turn the doll off when not in use and keep an ear out for strange phrases regularly.”

A Rhyl mum, who recently bought the doll off a Facebook selling site, told the Daily Post: “I haven’t had chance to activate the doll yet, but I won't be doing it now.

“It’s like something out of a horror film, it’s scary to think that hackers can potentially talk to my child.
“It’s horrible to think someone could try to groom your child through it.”

Friday, 17 February 2017

On 22:06 by Vismit Rakhecha

On 21:53 by Vismit Rakhecha
MORNING DELAYER and late night plan ruiner Southern Rail reportedly uses ticket and information kiosks that could be hacked by people with literally nothing better to do.

You know those ticket machines. You go to them when the typically sullen person in the ticket office is outside picking up cigarette butts or is just nowhere to be seen. They usually lurk outside stations and may smell faintly of dog wee. They probably don't take change when change is all you have, and lull you into buying a single when what you really wanted is a return. There is nearly always a queue for them and the person at the front is often interacting with it like the monkeys at the start of the movie 2001.
Anyway. Those problems aside, they can also be tinkered with by people who like to tinker with things for what we understand are "shits and giggles". 

A mysterious security researcher told SC Magazine about his ‘discovery’, telling the website that it is possible to escalate privileges on the machines.

"The machines are clearly remotely administered which would indicate a connection is required to allow this process," he said.

"The concern is that the machine not only allows privileged access to this degree, as demonstrated in my picture, but more importantly, it will allow the machine to be used as a bounce point for further attacks."
SC's guy told Southern Rail about his discovery, and Southern Rail told SC Magazine that this isn't really much of a big deal. Of course, that is relative. 

"There is no personal or confidential information held on these information kiosks, which merely give access to websites allowing our passengers to plan their journeys and check other information," it said.
"However, as a precaution, we have taken immediate steps to lock the kiosks out of use while our suppliers carry out a thorough investigation."

On 00:35 by Vismit Rakhecha
Islamic State supporters are being targeted with a modified version of the Telegram Android app that contains a version of the OmniRAT remote access toolkit.

The app, named plus_gram.apk, is spread via ISIS' Telegram channels. Some Daesh members have detected the embedded malware and are now warning others.

Posts on underground ISIS forums detailing this new threat have been discovered by a security researcher who wanted to remain anonymous.

The forum post links to an NVISO scan that classifies the plus_gram.apk package as "confirmed malicious."

Security researcher FourOctets, who Bleeping Computer asked to take a look at the malicious app, was the one to spot the OmniRAT trojan.

OmniRAT is a commercially-available Remote Access Trojan (RAT) available online, with packages for infecting Android, Windows, Mac, and Linux systems, one of the few that can target so many operating systems.

According to the OmniRAT homepage, the Android version of this RAT can read and write phone logs, retrieve SMS messages, get GPS coordinates, silently install apps, access the microphone, access the camera, dump the phone's memory, and more.

Amateurish attempt

According to both FourOctets and the anonymous researcher, whoever put together the plus_gram.apk app has no expertise in working with malware.

"They didn't even try to hide what it was," FourOctets said. "[OmniRAT] It's still in the XML file."

"I'm thinking it's just old code repacked for Android, using a common vector," the anonymous researcher also added. The researcher described the person who put the malware together as "an amateur/hobbyist."

Thursday, 16 February 2017

On 02:53 by Vismit Rakhecha

Recently, a 4-star hotel in Austria was hacked, and its guests were locked in their rooms. A substantial amount of bitcoins was demanded for ‘releasing’ them. Each room of the hotel was covered under an Internet of Things ecosystem, and the hackers hacked the entire platform.

If we believe Akamai’s latest report on the State of Internet/Security, then such IoT hacks can increase in the coming months. In fact, under DDoS (Distributed Denial of Service) attacks, IoT was the biggest target during Q4 of 2016.

1.1 Crore Web Apps In India Were Hacked

India was the 4th largest destination for hackers in Q4 2016, as a total of 1.1 crore web apps were successfully hacked in India.

This is indeed an alarming situation, as recently we reported how the Ministry of Home Affairs website was shut down even as the officials were not even aware whether the website was hacked or not. As per Govt. estimates, more than 2 Govt. websites are hacked every day in India.

Globally, 27% more hacks were reported, compared to the same period last year.

The US was the #1 destination for hackers, as a whopping total of 24.2 crore web apps were hacked in that country. Brazil is ranked #2 among destination nations for hacking, while Germany is #3. The UK, Japan, the Netherlands, China, Australia and Canada are ranked #5, #6, #7, #8, #9 and #10 respectively.

India Is 10th Largest Source Nation For Hacking

If we talk about hackers, then India is the 10th largest nation from where hacking originated. A total of 86.38 lakh hacks originated from India during Q4 of 2016.

For the second straight quarter, the US and the Netherlands were the #1 and #2 source countries for hacking. This way, the US is both the #1 target and the #1 source for hacking web apps.

Germany is the third biggest source for hacking.

Within Asia, China, India and Japan were the top nations from where hacking originated. China is the #1 destination in Asia as 1.4 crore hacks originated from this country.

Interestingly, Russia, which had a dominant position in the ranking for hackers, finds itself below European countries.

DDoS Based Internet of Things Attack on The Rise

Akamai specifically mentions the increase in hacking incidents on Internet of Things platforms using the DDoS mechanism.

Trojan was the most common virus for injecting DDoS into IoT platforms, and creating havoc across various industries, especially gaming, media and finance.

The report said, “As vulnerable devices are added to IoT-based botnets, we will continue to see surges in botnet capabilities and DDoS attack size.” As per the findings of the report, as more and more devices are connecting to one another, hackers are finding it easier to hack and inject ransomware and other viruses.

There were 12 major DDoS attacks in Q4 of 2016, and out of those, gaming organisations were victims of 5 major attacks, whereas the media industry witnessed 5 major attacks.

Wednesday, 15 February 2017

On 22:31 by Vismit Rakhecha

LAHORE: The official website of the city district was restored on Wednesday, three days after it was allegedly hacked by an Indian hacker group 'IND 3MB3R'.

The attack is said to be a response to alleged Pakistani hackers targeting Indian websites.
The cyber warfare between Pakistan and India is not new, as hackers from both countries have defaced several websites of each other's country.

Interestingly, The Urban Unit, which has developed the website, is not ready to accept the responsibility for running the web portal. When contacted, The Urban Unit Chief Executive Officer (CEO)'s spokesperson said, "We have handed over the website to the City District Government Lahore (CDGL)."
While Lord Mayor Spokesperson Imran Maqbool said that the website was in the control of the CDGL and not of the CDGL.

Meanwhile, the Indian hacker group in a message left on the hacked web portal of the city district claimed that it was a response to the alleged hacking by Pakistan hackers collectively called Pak Cyber Skullz, which had allegedly defaced the Indian Government District Education Office Surat website.
"Pakistani kids keep distance from Indian server. It's payback for hacking Indian sites," read the message left by the Indian hacker group on the web portal of the city district. The hacker group had not only defaced the website with an image of a 'Sadhu' but also posted Indian Army insignia.

Earlier, the web portal of the Khyber Pakhtunkhwa Right to Information Commission was allegedly hacked by Indian hackers last month while a Pakistani hacker group 'Alone Injector' had also allegedly defaced the Indian National Security Guard (NSG)'s website and left anti-India messages targeting Indian Prime Minister Narendra Modi.

According to different national and international media reports, 'Pakistan Haxors Crew' had claimed to have defaced Indian websites 7,051 times, including government and non-government sites, especially after India launched a surgical strike in Indian-held Kashmir.

Similarly, Congress Vice President Rahul Gandhi's Twitter account was targeted in December 2016 while Indian Institute of Technology's servers were hacked by anonymous hackers with the message 'Pakistan Jindabad' left on the web portal.

In October 2016, Pakistani hackers allegedly forced Indian pilots to listen to a song 'Dil Dil Pakistan' after hacking into Indian planes.