Analyzing the Biggest Bank Robbery in History: Lessons in OSSTMM Analysis

Pete Herzog

'....The power and elegance of the OSSTMM became clear while I was at a cafe in Bern, Switzerland last year to meet with two other ISECOMers: Nick Mayencourt, a Board Director and Philipp Egli an ISECOM trainer and the talk turned to robbing banks. That's not uncommon because Switzerland is very big on banking and also very big on security, especially the OSSTMM. So with the biggest diamond heist of the last century in the news again, you may have seen the movie based on it called Ocean's Eleven, we took a look at the case through the eyes of an OSSTMM Analyst. This is how it went….....'


12 July will be biggest day in Anonymous's history, hacker group warns

'....Online hacktivist group Anonymous has said that it would reveal "explosive" secrets to embarrass Metropolitan police and judges in the UK, according to a report by the Guardian. The group is believed to be angry on the proposed extradition of whistleblower site WikiLeaks founder Julian Assange. The group wants to target the Met over News International's phone hacking as well as over the investigation of the murder of teenager Milly Dowler......'


Hacker group claims hit on US defense contractor

'....Hacker group Anonymous on Monday released a trove of military email addresses and passwords it claimed to have plundered from the network of US defense consulting firm Booz Allen Hamilton. Anonymous made available a file containing more than 90,000 email addresses and other information it said in online messages that it stole from an unprotected server at Booz Allen.......'


How to secure your confidential business information from your own IT staff

Paul Venezia

'....For many small companies, the IT staff is a single person or even a consultant brought in to handle the business's computing upkeep. Either way, the question of what your IT person knows about the inner workings of the company is well worth asking......'


How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History

Kim Zetter

'....After all of the effort put into deciphering Stuxnet, the code itself still holds a couple of mysteries — two small encrypted files that researchers have yet to crack. One file is 90 bytes, and gets copied to every system Stuxnet infects. The other is 24 bytes and gets copied to Step7 machines when Stuxnet's malicious DLL file gets installed. The two files could hold additional clues to Stuxnet's aims or origins, but we might never discover them......'


Hackers claim they exposed Booz Allen Hamilton data

Elinor Mills

'....Hackers flying the AntiSec banner claimed today that they compromised a server at consulting firm Booz Allen Hamilton and have released internal data, including about 90,000 military e-mail addresses......'


Anonymous Leaks 90,000 Military Email Accounts in Latest #AntiSec Attack

Sam Biddle

'....The leak, dubbed 'Military Meltdown Monday,' includes 90,000 logins of military personnel—including personnel from US CENTCOM, the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and what looks like private sector contractors. Their correspondences could include exchanges with Booz Allen's highly brassy staff of retired defense folk: current execs include three former Directors of National Intelligence and one former head of the CIA.......'


Banks' billion-dollar idea: Sell your shopping data


'....Many of the nation's leading banks and card issuers, including Wells Fargo, Citi, USAA, Sovereign Bank and Discover, are selling information about consumers' shopping habits -- how much they spend, where they shop and what they buy -- to retailers. Retailers are using the data to offer targeted discounts via text, email and online bank statements......'


Criminal hacking industry helps driving hacktivism

'....To understand how Lulzsec could thrive requires an understanding of how criminal hacking operates. The Digital Age has created a huge, global black market for data. Today, mature online exchanges exist that resemble eBay in structure, only their focus is selling personal and corporate data of all kinds. For example, credit cards are put up for sale in this hacker forum.......'


Syria's cyber war against dissidents

'....Syrian security forces use tanks, bullets and tear gas against anti-regime protesters by day, but by night they are more stealthy, targeting dissent using the opposition's own weapon......'


Social network sites 'have duty' to stop cyberstalking

Jim Reed

'....The first British study into cyberstalking found victims were more likely to be harassed on sites like Facebook than by email or mobile phone. The authors want sites to sign up to a code of practice setting out......'


Israel uses Facebook to blacklist pro-Palestinian protesters

Emil Protalinski

'....Israel used Facebook to compile a pro-Palestinian blacklist of hundreds of names. On Friday, the country's government then asked foreign airlines to keep those on the list off flights to Israel, prevented many activists from boarding Tel Aviv-bound flights in Europe......'


I Flunked My Social Media Background Check - Will You?

Mat Honan

'....Your next job application could require a social media background check. Odds are, you have no clue what that means. Nobody does. We wanted to know. So we ran background checks on six Gizmodo employees.......'


Nick Davies on phone hacking, Murdoch and News of the World – video

Nick Davies

'....The investigative journalist Nick Davies on how the phone-hacking scandal has escalated, leading to News of the World's announced closure......'


Moody's Junk Rating Earns Portuguese Hacker Attack

James Lee Phillips

'....The first was returning Portugal to investment-worthy status -- all the way to A++ in fact. "Moody's is proud to announce that Portugal is now ranked as an A++ country," the page read. If the hackers had stopped there, it might have escaped notice for a bit longer. However, they also added some condemnatory language immediately thereafter. "Here at Moody's we are paid to say what our $ friends want, we are powerfull [sic]. We sell some hunches and everyone believes them. It's the mood of the day.".....'


The United Kingdom's secret firewall

Gary Marshall

'....The key argument against ISPs shaping what we see is that it's a slippery slope that leads inevitably to oppressive censorship - but the introduction of Cleanfeed hasn't infringed everyday users' activities, mobile phone networks' smut filters have no obvious downside apart from the odd wrongly flagged site......'


Bootable RFID Live Hacking System

'....The bootable Live RFID Hacking System contains a ready-to-use set of hacking tools for breaking and analyzing MIFARE Classic RFID cards and other well known card formats. It is built around PCSC-lite, the CCID free software driver......'


DDoS attacks rise in number, thanks to free tools

Dan Kaplan

'...."Open source of intelligence indicates that some of the attacks are supposedly in response to the company itself, while other attacks are in response to group rivalries," the report said, adding that hacking collectives, receiving coverage in the media, have been able to influence widespread participation in DDoS assaults.
The uptick in DDoS, a style of attack that is at least a decade old, is largely attributable to tools such as the open-source Low Orbit Ion Cannon -- a type of voluntary botnet -- or more traditional networks of compromised computers, which can be rented for as little as $10 per hour for up to 50,000 nodes, experts said......'


24,000 Pentagon files stolen in major cyber breach, official says

Jason Ukman and Ellen Nakashima

'.... The Defense Department lost 24,000 files to "foreign intruders" in the spring in what appears to be one of the most damaging cyberattacks to date on the U.S. military, a top Pentagon official acknowledged Thursday...... '


U.S. DoD Releases Cyber Security Strategy

Stefanie Hoffman 


'.... the strategy calls for new ways to bolster defenses of critical cyber infrastructure, such as the computer networks of the U.S. military and defense contractors, while developing new weapons and methods to retaliate against U.S. adversaries launching cyber attacks.......'


FBI reportedly looks into News Corp. hacking allegations

Gary Strauss and Kevin Johnson

'.... The Federal Bureau of Investigation is looking into allegations that Murdoch's News Corp. tried to hack into the phone messages of U.S. 9/11 victims and families, a federal law enforcement official said Thursday.

The official, who has been briefed on the matter but declined to be identified because he is not authorized to speak publicly, said the review was based on concerns raised by Rep. Pete King, R-N.Y., and Sens. Jay Rockefeller, D-W.Va.; Barbara Boxer, D-Calif.; and Frank Lautenberg, D-N.J., among others......'


US forced to redesign secret weapon after cyber breach

Lewis Page

'....The United States may be forced to redesign an unnamed new weapon system now under development – because tech specs and plans were stolen from a defence contractor's databases.......'


Iran says it can block 'Internet in a suitcase'

The Associated Press

'....Iran's intelligence minister said Friday that his country has found a way to block the so-called "Internet in a suitcase," a program reportedly developed by the U.S. to bring online access to dissidents around the world.
The minister, Heidar Moslehi, told Muslim worshippers that Iran was aware of the program from the start. "We prepared a solution for it," he said in a speech broadcast live on state radio.......'


U.S., Romania arrest more than 100 for cyber scams


'....U.S. and Romanian police have arrested more than 100 people in a year-long effort to stop Internet fraud schemes that have cost Americans more than $100 million, the U.S. Justice Department said Friday.
Romanian police carried out 117 raids Friday, the Justice Department said. They arrested 90 people in sweeps in nine cities, the BBC reported......'


How Hackers Stole 24,000 Files From The Pentagon

Kit Eaton

'....The Pentagon won't say what files went astray, or the level of secrecy associated with the contents of the stolen data. But we can assume that at least some of it was highly secret--secret enough that Deputy Defense Secretary William J. Lynn III felt compelled to admit to the attack during a speech about the future of cyber policy yesterday. Lynn said it concerned some of the U.S.'s "most sensitive systems, including aircraft avionics, surveillance technologies" and more, before hinting that foreign powers were behind the attack and using it to declare cyberspace the next battleground......'


How China stopped spam and malware distribution on its domains

Larry Seltzer


'....In most countries it's cheap and easy to register a domain name. Not in China where the government makes you run things past them. A side-effect was to kill off spamming from Chinese domains......'


Obama and G20 leaders use secret Facebook-style network

Channel 4 News

'....The world's most powerful men and women are using a secret "Facebook-style" network to communicate before they make big decisions on global affairs.
Members of the "elite" G20 group can send messages in real-time, like Facebook Chat or Instant Messenger. They can also upload important policy documents and strategy ideas for each other to see and comment on.......'


Secunia's Half Year Report for 2011

Stefan Frei

'....I am pleased to share with you Secunia's Half Year Report for 2011 which identifies the evolution of important global trends in end-point security, software, and the entire security ecosystem. The findings are based on data extracted from the Secunia Vulnerability Intelligence Database.....'


Officials: hackers were in German police computers for months

Monsters and Critics

'....German police took months to notice that computer hackers had infiltrated federal police and customs service computers, media reports said Sunday, citing unnamed cyber security officials......'


Mikko Hypponen On Stuxnet, Mobile Hacks And Conficker

Bruce Upbin

'....I sat down with cybercop Mikko Hypponen at the TED Global conference in Edinburgh, where he gave a talk yesterday on the recent history of online malefactors and which threats we're facing today.......'


A Look Inside Targeted Email Attacks


'....The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of becoming a victim of such an attack.....'


Ship to Gaza hit by cyber attack

The Local Europe

'....The Freedom Flotilla II, uniting 300 activists from all walks of life and 22 different countries, and aiming to transport necessities and to protest the Israeli blockade of the Palestinian-controlled coastal strip, has suffered a slew of setbacks.
The group were forced to shut down their website on Friday after a so-called overload attack which forced their server company to pull the plug......'


Cyber Law Grapples With the Advent of the Cyber Warfare Century

Peter Sommer

'....Where do cyber criminals, hacktivists and terrorists fall within the legal framework - in the UK and around the globe? How do governments and federal powers successfully prosecute criminal or terrorist activity in cyberspace? These are questions the media and politicians, alike, have often come up against, and with little hope of resolution.......'


FBI arrests AT&T insider for leaking information to Anonymous

Steve Ragan


'....In June, The Tech Herald reported on information given to us by Ryan Cleary shortly before his arrest. The story centered on an AT&T insider who handed sensitive information and a bootable USB disk over to Anonymous. On Tuesday, the FBI arrested an AT&T employee connected to the leak, during a nationwide sweep targeting Anonymous......'


Stuxnet returns to bedevil Iran's nuclear system


'....debkafile's intelligence sources report that the Stuxnet malworm which played havoc with Iran's nuclear program for eleven months was not purged after all. Tehran never did overcome the disruptions caused by Stuxnet or restore its centrifuges to smooth and normal operation as was claimed. Indeed, Iran finally resorted to the only sure-fire cure, scrapping all the tainted machines and replacing them with new ones......'


Anonymous Breaches NATO Security

Red Orbit

'....A NATO official told The Associated Press (AP) that the organization was aware that a hacker had released a document allegedly from NATO on the Internet. 
"NATO security experts are investigating these claims," the official, who could not be named, told AP. "We strongly condemn any leak of classified documents, which can potentially endanger the security of NATO allies, armed forces and citizens.......'


Hackers target U.S. intelligence agency contractors

Jim Finkle

'....Hackers, likely working for foreign governments, are actively trying to steal classified U.S. government data by breaking into the computer networks of contractors that work for U.S. intelligence agencies.
Through a targeted "spear phishing" campaign, hackers are sending emails tainted with malicious software to contractors, according to two security firms, which heard about the attacks after an executive at one contractor sent them a copy of the email.......'


German national cyber security centre attacked by hackers

Nicolas Zeitler

'....Just a few weeks after German authorities opened a national Cyber Defense Centre in Bonn, it was attacked by hackers and now officials are struggling to arrest all of those involved.
While security authorities reported they had arrested two members of the hacking group linked to the attacks, the group released a statement saying that only its leader was under arrest. A 23-year-old calling himself Darkhammer, leader of the so-called "n0n4m3 cr3w", was arrested on Sunday, the Office of Criminal Investigation in the state of Nordrhein-Westfalen reported.......'


Kenya forms team to fight cyber crime

Fredrick Obura

'....The Communications Commission of Kenya has set up a computer incident response team to counter the rising cases of cyber crime in the country.......'


Expert hacks car system, says problems reach to SCADA systems

Elinor Mills

'....Researcher Don A. Bailey will be showing at the Black Hat security conference next week how easy it is to open and even start a car remotely by hacking the cellular network-based security system. Even more disturbing is the message that demonstration brings, that cars aren't the only things at risk. .....'


New Court Filing Reveals How the 2004 Ohio Presidential Was Hacked

Bob Fitrakis


'....A new filing in the King Lincoln Bronzeville v. Blackwell case includes a copy of the Ohio Secretary of State election production system configuration that was in use in Ohio's 2004 presidential election when there was a sudden and unexpected shift in votes for George W. Bush.......'


Pentagon discloses massive cyber theft

Lolita C. Baldor and Robert Burns


'....The Pentagon on Thursday revealed that in the spring it suffered one of its largest losses ever of sensitive data in a cyber attack by a foreign government. It's a dramatic example of why the military is pursuing a new strategy emphasizing deeper defenses of its computer networks, collaboration with private industry and new steps to stop "malicious insiders."......'


Mobile Hacking: How Safe Is Your Smartphone?

Todd Wasserman


'....There are, of course, more technologically savvy ways to hack your phone as well. A would-be hacker, for instance, might get a bit of information about your account and send a phishing email purportedly from your carrier asking you to log in. At that point they will have your password and other sensitive information. Smartphones also provide an opportunity to install monitoring software. iPhone owners are probably the safest in that regard, unless they jailbreak their phones, Siciliano says.....'


The Chinese Way of Hacking

Neal Ungerleider


'....Adam Segal, one of the Council on Foreign Relations' top experts on China and technology, talks to Fast Company about what's special about Chinese cybercriminals, Chinese fears of NSA backdoors, and bored East Asian teenagers......'


Gordon Brown says newspapers also used malware to hack computers

Graham Cluley


'....With the News of the World "phone hacking" scandal continuing to dominate news headlines in the UK, new claims are being made that journalists didn't just spy on celebrities and members of the public by listening to voicemail messages......'


Manning-Lamo Chat Logs Revealed

Evan Hansen


'....A little more than a year ago, published excerpts from instant messenger chats between accused WikiLeaks source Bradley Manning and Adrian Lamo, the ex-hacker in whom he confided and who reported him to the authorities.......'


iPhone apps could mean trouble for law enforcement

PoliceOne Staff


'....One application, called "Find my iPhone," allows users to remotely wipe data from their phones. "Using this feature will delete all data from the iPhone, including emails, account information, applications installed, music downloaded, etc," the document says. "Once the wipe feature has been activated all data is wiped and the phone is restored to the default factory setting.".....'


Murdoch Tabloids' Targets Included Downing Street and the Crown



'....Others on the police payroll have been bribed to use restricted cellphone-tracking technology to pinpoint the location of people sought by the papers in their restless pursuit of scoops, according to two former journalists for the tabloid shut on Sunday, The News of the World. .....'


Whitepaper "Python arsenal for Reverse Engineering"

Dmitriy Evdokimov


'....This whitepaper (beta release) is a collection of various Python engines, extensions, libraries, shells, that aids in the job code for understanding, analyzing and sometimes breaking. The collection consists of more than 40 projects. This document is intended to show the power of Python for RE and also an attempt to systematize a knowledge of the python for RE......'


Anonymous attacks agri-giant Monsanto, leaking information on 2,500 employees

Chester Wisniewski


'....These companies have been involved in developing the Alberta, Canada oil sands. The oil sands have been controversial among environmentalists for years, as the methods used to extract the oil from the sand are detrimental to the environment......'


Decoding Data Exfiltration – Reversing XOR Encryption

Brian Hussey


'....For those not familiar with the term, data exfiltration files are created by an attacker to contain stolen data on the victim box. It is basically a storage container that he later intends to transfer back to his own computer. Data exfiltration files may be a simple keylogger text file or HTML files concatenated by web scraping malware. However, they can also contain targeted company intelligence or entire SQL database dumps. Content varies as widely as the attacker's imagination and end goals......'


Anonymous claims to have breached ManTech International's network

Ellen Messmer


'....A tweet sent by the hacker group Anonymous at midnight yesterday claims the group has broken into the network of defense contractor ManTech International and intends to release seized documents within 24 hours......'


Norway's 'lone-wolf' attacks stir angst in Europe



'...."The Norwegians have his computer," said Bob Ayers, a London-based former U.S. intelligence officer. "If there was significant dialogue, there would have been a footprint......'


ATM fraud takes root amid lax laws and outdated technology



'....Reports indicate that in May alone, Kenyan banks reported to the police losses of Sh62 million, out of which just Sh1.4 million was recovered. The cash was lost mainly through computer fraud and electronic fund transfer. Banking sources say the colossal figure is under-reported. Growing indicators point to security becoming a new worry for banks, who over the last few years have spent billions transforming their businesses to become more card-dependent......'


Washington Post Jobs Board Hack Compromises 1.27 Million E-Mail Addresses

Fahmida Y. Rashid


'....Washington Post admitted unknown perpetrators accessed its employment Website and stole 1.27 million userIDs and e-mail addresses of its registered job-hunters......'


RoboCup for soccer-playing robots kicks off


'....University of Edinburgh's Subramanian Ramamoorthy is training robots to play football.....'


Phone hacking: Police probe suspected deletion of emails by NI executive

Nick Davies and Amelia Hill


'....The archive is believed to have reached back to January 2005 revealing daily contact between News of the World editors, reporters and outsiders, including private investigators. The messages are potentially highly valuable both for the police and for the numerous public figures who are suing News International.......'


DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools

Neal Ungerleider


'....A top Department of Homeland Security official has admitted to Congress that imported software and hardware components are being purposely spiked with security-compromising attack tools. .....'


A Handy Glossary for the Hacker Family Tree

Adam Clark Estes


'....There's even some color coding and visual cues to show who's friends with whom and what those relationships begat in the recent history of hacking. There's not, however, much explanation about the projects or the groups. We've done our best to itemize and explain everything with a handy hacker glossary......'