August 14, 2018

Police body cameras can be easily hacked

Body cameras used by law enforcement have long been controversial, but no one had, so far, attempted to assess the credibility of the devices themselves. A demonstration at Defcon 2018 in Las Vegas over the weekend showed that police body cameras, which are becoming increasingly popular with U.S. police forces, can be hacked and their footage stolen or replaced. Associated metadata (such as the location, time, and date where the video was shot) can be manipulated, and the flaws can also expose police officers to tracking and surveillance.

According to the findings of a security consultant at Australia-based cybersecurity firm Nuix, a hacker who attacks police body cameras can easily manipulate footage. Researcher Josh Mitchell assessed five different body camera models from different manufacturers: Vievu LLC (which was acquired by Axon in May 2018), Patrol Eyes, Fire Cam, Digital Ally Inc. and CeeSc, and found these cameras to be vulnerable to remote digital attacks. These are the main companies that sell their devices to law enforcement authorities in the US. Surprisingly though, Mitchell left out the market leader Axon.

In theory, body cameras can act as an “objective” third party during police encounters with civilians, thereby protecting civilians from excessive use of force and protecting police departments from unfounded claims of abuse.

There is scant evidence to suggest that body cameras limit the use of force or complaints about the use of force, however, and now even their ability to faithfully record a police interaction is being cast into doubt.

With the exception of the Digital Ally device, the vulnerabilities allow a hacker to download footage off a camera, edit things out or make modifications, and then upload it again with no record of the change. Hackers can use the addresses to identify the cameras remotely, as soon as the device is switched on. This would allow hackers to keep tabs on police activities, as they can easily watch footage from various cameras that are switched on at the same time and place.

August 14, 2018

Hacker bribes Czech Police in effort to get the seized hard drive containing details of 3200 Bitcoins

Hacker Peter Krzhystka, who is accused of cyber-fraud, offered a police officer a bribe of 384 million kroons (17 million USD) for the return of a hard drive that was seized during a search. However, police officer Lukasz Lazetskiy from the city of Brno refused the bribe.

The police consider Peter one of the most dangerous hackers in the country. Earlier, he was sentenced to four years in prison for hacking bank accounts and stealing financial information.

During a search of the hacker's apartment, the investigators seized his hard drive and other computer equipment to understand his criminal activities. The hacker showed special interest in the drive. But the police did not know what was on it, as no one was able to decipher the access codes to the digitized data.

According to the Prague News media, one of the hacker's friends offered the police officer a bribe of 17 million USD and asked him to return the hard drive and to delete it from the list of confiscated property. As it turned out later, the hacker had hidden information related to more than 3,200 Bitcoins on the hard drive, the total value of which is about 800 million kroons (about 35 million USD).

Police officer Lukasz Lazetskiy refused the bribe and reported the incident to his superiors. A criminal case was opened over the attempted bribery.

August 14, 2018

Hacking a brand new Mac during setup process

Planning to get a brand new Mac that is free from all kinds of bugs and has a robust security system? There is no such device.

According to security researchers, a brand new Mac could be easily compromised remotely just after it connects to Wi-Fi.

The researchers will demonstrate the Mac security flaw on Thursday at the Black Hat security conference in Las Vegas. The attack takes advantage of Apple’s Device Enrollment Program and its Mobile Device Management platform.

The flaw in the enterprise tools allows hackers to install malware inside the operating system remotely.

Jesse Endahl, chief security officer of Mac management firm Fleetsmith, said: “We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time.”

“By the time they’re logging in, by the time they see the desktop, the computer is already compromised,” Endahl says.

Last month, the security researchers notified Apple about the flaw, and in response the company released a patch for macOS High Sierra 10.13.6. However, devices that have already been manufactured and ship with an older version of the operating system will still be vulnerable.

August 13, 2018

Korean trojan spreading tentacles

A newly discovered Trojan, ‘Key Marble’, has struck the cyber world, causing huge concern for millions of internet users. The North Korean Trojan, according to cyber security experts, helps hackers get access to the details of a device with ease.

Apart from this, ‘Key Marble’ keeps capturing screenshots and can download files at every passing moment, forcing experts at cyber security firms to develop an effective mechanism to counter the escalating threat of cybercrime.

After an initial study, the experts have stressed the need for up-to-date antivirus software and strong passwords to keep these hackers at bay.

Further, internet users can configure personal firewalls on their workstations, which could help them ignore unwanted requests.

The existence of the malware came clearly to light when top cyber security experts from McAfee discussed it at length at Black Hat 2018 early this week.

Each of the speakers dwelt at length on how the North Korean malware can infect a system. After code analysis, the experts identified links between key points in the case studies of how North Korea has been aiding and abetting the hackers.

Both companies, McAfee and Intezer, ran the code through an engine so that the analysis process was automated. The analyses of the two companies have some striking similarities.

The country’s top cyber research experts are understood to possess details of the cyber attacks in North Korea. The experts claimed to have found a link to a bank that is run under the leadership of a billionaire.

The bank in question is listed more than once in the very code of the malware and happens to be the holder of funds that have gone missing.

According to the available records, the biggest of the attacks, beyond doubt, targeted the Bangladesh Bank. Others on the hit list include the central bank of Bangladesh.

August 12, 2018

Infamous Belarusian Hacker "Ar3s" behind Massive Andromeda Botnet Released

Sergei Yaretz, 35, one of the most wanted hackers from Belarus, who was arrested last December, has been released. It is reported that this was the first cybercrime trial in Belarus.

In December 2017, Sergei, also known as 'Ar3s' ('Арес' in Russian; Ares is the Greek god of war and also a fictional supervillain in DC Comics), was arrested in a joint operation involving Belarus, the U.S. FBI and European law enforcement agencies to dismantle the notorious botnet "Andromeda".

It is reported that the hacker is recognized as a leading expert in malware development and reverse engineering. He was working at a local television company, "Televid", as technical director.

He sold the Andromeda malware for $500 and the software update for $10. In addition, Sergei was accused of administering forums for hackers. He also reportedly charged about $250 for any assistance in taking data from any web browser.

He was also the administrator of the Andromeda bot network. The Andromeda botnet is made up of a large number of computers that have been infected with malware that allows hackers to control them. He also leased these networks to other criminal groups or individual hackers to mount malware, phishing or similar cyber attacks.

The Andromeda botnet was used by many cyber criminal groups to distribute a large amount of malware. According to Microsoft, 2 million infected computers were under the control of this botnet prior to the takedown.

Sergei said that his program did no harm to the computer. It all depends on the buyer. He said he didn't steal money from anyone and was only selling the program. He also said that the original developer of this malware, from Russia, asked him to help in distributing it because the original author did not have time.

It is reported that Microsoft sent a document to the local authorities stating that the damage caused by Ares is about 10 million dollars. However, it was not presented in court. Only the 11,000 Belarusian rubles that he earned by selling the malware was considered as the damage from his actions.

He pleaded guilty and repented. He even helped the investigation by disclosing the mechanisms of "Andromeda".

The prosecutor asked the court to sentence Sergei to 2 years of imprisonment. The court sentenced him to pay a fine. But it is said that he does not need to pay the fine, as he already spent 6 months in custody during the trial. According to the local media, he has again got a job in TV.

August 11, 2018

Amazon Web Service Error exposes GoDaddy's 31000 servers

An unsecured Amazon AWS bucket configuration has exposed exclusive information about the world's leading hosting provider, GoDaddy.

In June, cybersecurity firm UpGuard’s risk analyst Chris Vickery found that files containing detailed server information were stored inside an unsecured S3 bucket, a cloud storage service provided by Amazon Web Services.

Looking into the database "abbottgodaddy," he revealed that it contains multiple versions of data that might cover over 31,000 GoDaddy systems.

According to UpGuard, the leaked information had architectural details as well as "high-level configuration information for tens of thousands of systems and pricing options for running those systems in Amazon AWS, including the discounts offered under different scenarios."

Exposed details include configuration files for hostnames, operating systems, workloads, AWS regions, memory, and CPU specifications.

"Essentially, this data mapped a very large scale AWS cloud infrastructure deployment, with 41 different columns on individual systems, as well as summarized and modeled data on totals, averages, and other calculated fields," the cybersecurity firm said.

Meanwhile, Amazon has issued a clarification, stating that no GoDaddy customer information was stored in the exposed S3 bucket:

"The bucket in question was created by an AWS salesperson to store prospective AWS pricing scenarios while working with a customer. No GoDaddy customer information was in the bucket that was exposed. While Amazon S3 is secure by default and bucket access is locked down to just the account owner and root administrator under default configurations, the salesperson did not follow AWS best practices with this particular bucket."

August 11, 2018

New mechanism for computer hacking

Top cyber threat experts will rub shoulders on Wednesday in Las Vegas to dwell at length on an artificial intelligence technique that could help hackers bypass multi-layered security measures.

The experts at the upcoming Black Hat Security Conference are expected to look at computer security from a new perspective, to help the cyber security fraternity proceed with utmost care and confidence. Security firms got wind of the impending threat when a team of cyber defence experts from IBM Corp disclosed the details of an artificial intelligence technique deployed to hack a computer's settings. The speakers are set to concentrate on the software and its damaging character, much to the benefit of those engaged in cyber defence at many firms.

So far nobody has claimed to have caught the software in question with the help of artificial intelligence. But according to the researchers, much more is likely to come up in the days to come, since the issue is a very hard one to handle. Detecting the details of the software or the threat is a challenging task.

What the hackers have done clearly suggests that they have an effective mechanism to carry out more targeted attacks. They have every potential to build a programme to carry out an attack like Stuxnet, the attack by the US against a uranium storage facility in Iran. Top researchers engaged with IBM said the upcoming demonstrations and revelations will be of great significance in the next couple of years. Therein lies the importance of the summit slated for Wednesday.

A path-breaking conference on an entry-level automated programme took place in New York, where cyber defence experts demonstrated attacks and the successful approaches to them. Now they say the evil inside these needs to be exposed. To sum up, this new mechanism of machine learning seems to have given computer hackers a new advantage.

August 11, 2018

WhatsApp Flaw Lets Attackers Alter Messages in Chats

Israel-based cybersecurity firm Check Point claims to have unearthed a flaw in WhatsApp that could be used to intercept and alter messages sent in group conversations as well as private chats.

Researchers believe that scammers would be able to alter a text message by changing the “quote” feature to make it look as if someone has sent a message they did not actually send.

“By decrypting the WhatsApp communication, we were able to see all the parameters that are actually sent between the mobile version of WhatsApp and the Web version. This allowed us to then be able to manipulate them and start looking for security issues,” the blog post reads.

According to Check Point researchers, there are three ways in which users' messages could be altered:

  • Changing a reply from someone to put words into their mouth that they did not say.
  • Quoting a message in a reply to a group conversation to make it appear as if it came from a person who is not even part of the group.
  • Sending a message to a member of a group that pretends to be a group message but is in fact only sent to this member. However, the member’s response will be sent to the entire group.

Meanwhile, the firm has informed WhatsApp about the severity of the flaw and advised them to fix it as soon as possible.

Facebook-owned WhatsApp has acknowledged that messages can be altered using the "quote" feature but denied that it is a flaw. WhatsApp spokesperson Carl Woog said, "We carefully reviewed this issue and it’s the equivalent of altering an email."