Archive for the ‘InfoSec News’ Category

The chat service website of the Pakistan International Airlines (callcenter.piac.com.pk) has been hacked and defaced. A hacker that uses the online moniker Ch3rn0by1, a member of the P4K-M4D-HUNT3-Z group, has taken credit for the attack.

It’s uncertain why the Pakistani hacker has targeted the website of an organization from Pakistan.

His zone-h.org account shows that he usually targets Indian websites, which isn’t surprising considering that Indian and Pakistani hacktivists are in constant competition.

It’s uncertain what type of information Ch3rn0by1 has gained access to.

It’s worth noting that when Pakistan International Airlines customers access the Live Chat service, they are requested to provide their names and email addresses. It’s possible that the attacker has managed to gain access to this information.

At the time of writing, the defaced Pakistan International Airlines subdomain is still live. However, it’s possible that the website’s administrators are working on addressing this issue.

While this post was written, the PIA chat service was pulled offline.

Pro-Syrian regime hackers have posted messages on a US Marine Corps recruiting website, urging troops to defy orders from President Barack Obama.

The hackers showed photos of people in American uniforms holding hand-written signs saying they would not fight for al-Qaeda in Syria.

‘Obama is a traitor who wants to put your lives in danger to rescue al-Qaeda insurgents,’ the message read, according to a screenshot from The Wall Street Journal.

The US Marine Corps confirmed the intrusion but said the affected site, Marines.com, the official recruitment portal for the Corps, was back to normal.

‘Marines.com itself was not compromised or ‘hacked,’ said Captain Eric Flanagan in a statement. ‘It was redirected for a limited amount of hours overnight.’

The site ‘is now operating normally and our team is actively monitoring the situation and prepared to mitigate any future issues’, he added.

The Marine Corps could not confirm who had defaced the site, but the Syrian Electronic Army reportedly claimed responsibility.

The group has claimed credit for recent hacks of The New York Times, The Washington Post and other websites.

The Marine Corps site was hacked after President Obama said he backed military action against the Syrian regime in retaliation over the alleged use of chemical weapons against its own people.

Obama has put off any strike for the moment, saying he first wanted Congress to weigh in on the issue.

The Syrian regime has portrayed the country’s civil war as a fight against ‘terrorists’ while US officials have acknowledged the presence of al-Qaeda militants among a divided opposition.

The 63rd anniversary of the 1950-53 Korean War was also a day of worry for both Koreas: it is being reported that South and North Korea have fallen victim to hacker attacks today.

Hacker Attacks Pull Down South and North Korean Websites

According to reports, government and media websites in both nations had to be shut down following anonymous hacker attacks. Though no information has emerged as to who the hackers are, the impact has been huge. While South Korea saw the websites of its presidential office and another government agency go down, in North Korea the sites of Air Koryo, the newspaper Rodong Sinmun and the Korean Central News Agency were compromised.

The South Korean administration has treated the attacks as very serious and has warned the public about such cyber attacks. However, neither nation has yet gone on record with comments on the incident.

It is speculated that the hackers are a global group; they had even warned via Twitter that they would attack North Korean websites on Tuesday. One reason they gave was that “North Korea was keeping most of its people off the Internet”.

The two nations have kicked off probes into the incident.

Meanwhile, a report also says that the two countries have been blaming each other for hack attacks on their respective sites in recent years.

Wiper, the Destructive Malware possibly connected to Stuxnet and Duqu


Kaspersky Lab has published research resulting from the digital forensic analysis of hard disk images obtained from machines attacked by Wiper, a destructive malware program that attacked computer systems related to oil facilities in Western Asia.
Security researchers from Kaspersky Lab have uncovered information suggesting a possible link between the mysterious malware that attacked Iranian oil ministry computers in April and the Stuxnet and Duqu cyber espionage threats.
The malware wipes data from hard drives, placing high priority on files with a .pnf extension, which is the file type Stuxnet and Duqu used, and has other behavioral similarities, according to Schouwenberg.
It also deletes all traces of itself. As a result, researchers have not been able to obtain a sample, but they have reviewed mirror images of the affected hard drives. Kaspersky’s researchers were not able to find the mysterious malware, which was given the name Wiper, because very little data from the affected hard disk drives was recoverable.
Even though a connection to Flame is unlikely, there is some evidence suggesting that Wiper might be related to Stuxnet or Duqu. For example, on a few of the hard drives analyzed, the researchers found traces of a service called RAHDAUD64 that loaded files named ~DFXX.tmp, where XX are two random digits, from the C:\WINDOWS\TEMP folder.
No one has ever found a sample of Wiper in order to study its code and determine exactly what it did to machines in Iran. According to Kaspersky, the malware’s algorithm is “designed to quickly destroy as many files as effectively as possible, which can include multiple gigabytes at a time.”
Although Flame can be updated by its creators with various modules, including conceivably a module that would destroy data, there has never been any evidence found that Flame had a module that was used to destroy data on machines or wipe out hard drives.

New Ransom worm infecting computers

Posted: September 7, 2012 in InfoSec News

New Ransom malware infecting computers

The Metropolitan Police have issued an urgent warning about a new ransom malware that is in circulation. Ransomware (also referred to in some cases as cryptoviruses, cryptotrojans or cryptoworms) comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed.
The “malware” infects personal computers after users have accessed certain websites. (It should be noted that several similar designs are currently in circulation.)

Ransomware typically propagates like a typical computer worm, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program will then run a payload which will begin to encrypt personal files on the hard drive. More sophisticated ransomware may hybrid-encrypt the victim’s plaintext with a random symmetric key and a fixed public key.

The malware author is the only party that knows the needed private decryption key. Some ransomware payloads do not use encryption at all. In these cases, the payload is simply an application designed to restrict interaction with the system, typically by overriding explorer.exe as the default shell in the Windows registry, or even by modifying the master boot record so that the operating system cannot start at all until it is repaired.
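One way to triage the shell-override technique described above, as an added example rather than anything from the original post: parse a Winlogon key exported from a suspect machine in .reg format and flag any Shell value that is not the default explorer.exe. The key paths are the standard Windows Winlogon locations; the .reg text is constructed sample data.

```python
"""Flag a ransomware-style shell override in an exported Winlogon registry key."""
import re

# Both HKLM and HKCU carry a Winlogon key; a Shell value in either replaces explorer.exe
WINLOGON_SUFFIX = r"\software\microsoft\windows nt\currentversion\winlogon"
DEFAULT_SHELL = "explorer.exe"

# Constructed .reg export (not a real machine): HKLM keeps the default,
# HKCU has been pointed at a locker binary.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\Users\\Public\\locker.exe"
'''

def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for the REG_SZ entries in a .reg file."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if m:
                # .reg files escape backslashes and double quotes
                value = m.group(2).replace('\\\\', '\\').replace('\\"', '"')
                keys[current][m.group(1)] = value
    return keys

def find_shell_overrides(text):
    """List (key_path, shell) pairs where a Winlogon Shell value is not plain explorer.exe."""
    findings = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith(WINLOGON_SUFFIX):
            continue
        shell = values.get("Shell")
        if shell is not None and shell.strip().lower() != DEFAULT_SHELL:
            findings.append((key, shell))
    return findings

if __name__ == "__main__":
    for key, shell in find_shell_overrides(SAMPLE_REG):
        print(f"[!] {key}\n    Shell = {shell}")
```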

We request readers to share this article with their friends on all social networks to alert them that this is a fraud; users are advised not to pay any money or hand out any bank details.
Police advice: “We would advise anyone who has been deceived by such a message and parted with any money to report the offence to their local police by dialling 101 or contacting their local police station. Virus/malware infections where no money has been lost can be logged at http://www.actionfraud.org.uk/report_fraud.”
Modern ransomware attacks were initially popular within Russia, but in recent years there have been an increasing number of ransomware attacks targeted towards other countries, such as Australia, Germany, and the United States among others.

Cross Platform Trojan

Posted: July 15, 2012 in InfoSec News


Security researchers working for F-Secure have found a web exploit that detects the operating system of the visiting computer and drops a matching trojan. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and requires users to approve a Java applet installation.

It detects whether you are running Windows, Mac OS X or Linux, and then downloads the corresponding malware for your platform. The malicious files developed for each OS connect to the same Command & Control server, which F-Secure has located at IP address 186.87.69.249.

Karmina Aquino, a senior analyst with F-Secure said “All three files for the three different platforms behave the same way. They all connect to 186.87.69.249 to get additional code to execute. The ports are 8080, 8081, and 8082 for OSX, Linux and Windows, respectively.”
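Since all three payloads call back to one address on platform-specific ports, the C2 traffic is a convenient hunting point. The following is an added example, not F-Secure's or the original post's code: it runs over constructed firewall log lines and reports which internal hosts reached the C2 and, from the port, which platform's payload they are likely running. The address and port-to-platform mapping are taken from the statement quoted above; the log format is an assumption.

```python
"""Hunt for GetShell.A C2 beacons in firewall logs and infer the infected platform."""
import re
from collections import defaultdict

C2_HOST = "186.87.69.249"
# Port each platform's payload used to fetch further code, per F-Secure's statement
C2_PORTS = {8080: "Mac OS X", 8081: "Linux", 8082: "Windows"}

# Constructed firewall log lines (not real traffic); format is assumed
SAMPLE_LOG = """\
2012-07-12T09:14:02Z ALLOW TCP 10.0.5.23:51234 -> 186.87.69.249:8082
2012-07-12T09:14:05Z ALLOW TCP 10.0.5.23:51236 -> 93.184.216.34:443
2012-07-12T09:20:41Z ALLOW TCP 10.0.7.8:40122 -> 186.87.69.249:8081
2012-07-12T09:21:00Z DENY  TCP 10.0.9.2:3389 -> 186.87.69.249:22
2012-07-12T09:22:13Z ALLOW TCP 10.0.5.23:51301 -> 186.87.69.249:8082
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)$"
)

def find_c2_beacons(log_text):
    """Return {source_ip: {platform: hit_count}} for flows to the GetShell C2 ports.

    Flows to the C2 host on other ports are ignored here: they are worth a look,
    but the port is what ties a flow to a specific GetShell payload.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("dst") != C2_HOST:
            continue
        platform = C2_PORTS.get(int(m.group("dport")))
        if platform is None:
            continue
        hits[m.group("src")][platform] += 1
    return {src: dict(platforms) for src, platforms in hits.items()}

if __name__ == "__main__":
    for src, platforms in find_c2_beacons(SAMPLE_LOG).items():
        for platform, count in platforms.items():
            print(f"{src}: {count} beacon(s) on the {platform} port")
```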

On 29 July 2012, security researchers Sina Hatef Matbue and Arash Shirkhorshidi are to present “Graviton Malware”, a cross-platform malware, at The Hackers Conference 2012. The stated purpose of ‘graviton’ is to become an artificial creature that can move between the world of Windows, the world of Apple, the world of the emperor penguins (Linux), etc., and remain stealthy.

The Windows variant sends the following information back to the remote attacker: CPU details, disk details, memory usage, OS version and user name. The trojan can also download and execute a file, or open a shell to receive commands. ‘Graviton’ is written in a combination of pure C and assembly.

Cyber Attacks on Gas Pipeline Linked to China

The spear-phishing attacks laying siege to networks in the natural gas pipeline industry apparently are being carried out by the same group that hacked RSA security last year. The attacks, which have been occurring since late this past March, have targeted several of the country’s natural gas pipeline companies.
According to U.S. officials, it’s unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China.


DHS supplied the pipeline industry and its security experts with digital signatures, or “indicators of compromise” (IOCs). Those indicators included computer file names, computer IP addresses, domain names, and other key information associated with the cyberspies, which companies could use to check their networks for signs they’ve been infiltrated.
DHS officials and a spokesman have acknowledged they are working with the FBI to find out who may be behind the intrusions and malicious emails. The Monitor reports that some investigators now believe that the campaign is tied to another attack last year against cybersecurity company RSA, which the head of the National Security Agency told Congress could be traced back to China.
The group responsible for the RSA attacks has also been linked to several previous hacking incidents around the globe. Politico reports that these recent attacks, combined with the devastating 2010 natural gas pipeline explosion in California, illustrate the potential dangers of the rapidly expanding gas pipeline network.
The oil and gas sector has been targeted before. In February 2011 the computer security firm McAfee discovered a computer intrusion labeled “Night Dragon” that was traced to China. As part of that attack, individuals tried to obtain sensitive data and financial documents from the oil and gas companies about bids and future drilling exploration projects.
Video Conferencing Systems Vulnerable to Hackers

According to a story published earlier this week by the New York Times, a security expert at Rapid7 found that common videoconferencing equipment could give hackers access to company conference rooms and boardrooms. The investigation, led by Rapid7 chief security officer HD Moore, began when he wrote a program to scan the Internet for videoconferencing systems.
HD Moore and Mike Tuchen of Rapid7 discovered that they could remotely infiltrate conference rooms in some of the top venture capital and law firms across the country, as well as pharmaceutical and oil companies and even the boardroom of Goldman Sachs all by simply calling in to unsecured videoconferencing systems that they found by doing a scan of the internet.
Moore’s scan covered about 3 percent of the addressable internet and found 250,000 systems using the H.323 protocol, a specification for audio and video calls. Moore said he found more than 5,000 organizations had left auto-answer enabled in products from vendors including Polycom, Cisco, LifeSize and Sony. Overall, the findings mean up to 150,000 systems across the internet could be vulnerable, according to Rapid7.
“What made this interesting is that you are only going to find places that can afford $25,000 videoconferencing systems, so it’s a pretty self-selecting set of targets,” Moore says.
He hopes that by exposing these flaws it will persuade vendors and end-users to take the issue of video-conferencing security seriously.

Last week an Iranian engineer claimed to have hijacked a U.S. drone by spoofing its GPS signal. On December 14, residents of a small town in northern Syria reported seeing unidentified aircraft circling overhead and dropping several small items attached to mini-parachutes; the aircraft had entered Syrian airspace through the Turkish border. The gadgets, pictured here, look suspiciously like surreptitious listening devices. Residents say the question is: who dropped them, and why?
The sources explained that the aircraft that dropped the devices were American, not Turkish. They added that the aircraft took off from Incirlik air base, southeast of Adana, which is 130 km from the city of Afrin, an area that belongs mainly to the Kurdish nationalists.
“This action aims at eavesdropping on communications between the Syrian troops, locating their positions accurately and collecting any information about them in order to provide it to U.S. and Turkish authorities, and perhaps to the Syrian Free Army, as well as monitoring any military movement by the PKK in the region,” the sources said.


Syrian newspaper Al-Hakikah (The Truth), which supports the opposition Syrian National Council, said the suspected spy gadgets weigh about 90 grams each and bear “Made in Germany” labels, as well as “GRAW DFM-06” inscriptions. Graw is a Nuremberg-based German company that produces radiosondes, small radio transmitters used in weather balloons, that measure various atmospheric parameters and transmit them to fixed receivers. But Al-Hakikah reports that the devices found in Afrin seem to transmit GPS coordinates, and appear to have been modified to intercept radio communications. Some suspect that the devices are aimed at eavesdropping on the communications of Syrian government troops and of Syrian Air Force planes, which are engaged in an increasingly bloody conflict against the opposition Syrian National Council. This, says Al-Hakikah might point to American intelligence agencies, which are known to support the opposition Syrian Free Army, as the originators of the modified radiosondes.
This may be an attempt to monitor suspected activities of the Kurdistan Workers’ Party (PKK), an armed secessionist group fighting the Turkish government, which is known to operate from bases in northern Syria.
On the other hand, U.S. intelligence agencies have pinpointed many of the Chinese groups responsible for spying in the U.S., and most are sponsored by the Chinese military, according to people who have been briefed on the investigation.

A spy drone came down in Iran – no apology from the Obama Administration – give us the drone back. The US has asked Iran to free “without delay” a US man of Iranian descent described by Tehran as a CIA spy.

Saudi Arabia’s King Saud University Database Hacked

The official website of King Saud University (KSU), a public university located in Riyadh, Saudi Arabia, has been hacked by an unknown hacker.
A database of 812 users was taken from http://printpress.ksu.edu.sa/ and dumped on the Internet by the hacker on a file-sharing site, including email addresses, mobile phone numbers and passwords.
The passwords were stored in plaintext, not as hashes. Most of the students use the same email ID and password for Facebook and other sites.
It is not clear whether this is part of the cyberwar between Israel and Saudi Arabia.