Latest Hacking News

Denmark accuses Russia of hacking Defense Ministry's mail for two years

Denmark's defense minister, Claus Hjort Frederiksen, has accused Russian hackers of targeting the Defence Ministry's email accounts for the past two years, but they succeeded very few times.

According to reports published by the Centre for Cyber Security (CFCS), a group of pro-Kremlin hackers tried to break into the email accounts of the country's defense ministry employees in 2015 and 2016.

“What’s happening is very controlled. It’s not small hacker groups doing it for the fun of it,” Frederiksen told Danish news agency Ritzau.

“It’s connected to intelligence agencies or central elements in the Russian government, and holding them off is a constant struggle.”

The hacking group behind this attack is said to be the same group that allegedly hacked American Democrat Party email accounts last year during the presidential election campaign. The group is allegedly controlled and operated by the Russian government, and operates under different names such as APT28, Pawn Storm, Sofacy and Fancy Bears.

Here is the timeline of the attacks carried out by the Russian hackers:

  •  March-June 2015: A smaller number of phishing emails were sent to specific employees working in the Defence Ministry and Foreign Ministry.

  •  April-June 2015: First attempt to steal login information using a fake login site for the Defence's email system. Several hundred phishing emails were again sent to specific employees working for the Defence Ministry.

  •  June-October 2015: A small number of phishing emails were sent to specific employees working for the Defence Ministry and Foreign Ministry.

  •  September-October 2015: Second attempt to steal login information, again using a fake login site. Several hundred phishing emails were sent to specific employees working for the Defence Ministry during this time as well. During the same period, attempts to force entry to Defence email accounts were also discovered.

  •  February-April 2016: Reconnaissance activity against the Defence's email and other public authorities' email systems.

  •  April 2016: Hackers tried to force entry into several user accounts used for remote access to servers of several Defence IT systems. Should one such server be compromised, the hacker can potentially gain access to it and control it.

  •  October 2016: The hackers' third attempt at stealing login information using a fake login page. About 1,000 phishing emails were again sent to specific employees working for the Defence Ministry.

Cybersecurity at hardware level is the goal of DARPA’s new program

ARLINGTON, Va. Defense Advanced Research Projects Agency (DARPA) officials launched a new program, System Security Integrated Through Hardware and Firmware (SSITH), that aims to protect against cyber intruders at the hardware architecture and circuit level, rather than relying only on software-based security patches. In a closed-door meeting of government contractors on April 21, the Pentagon scientists showed how the secure computer chips could stop 40 percent of current cyber attacks that are exploited through software.

Nobody's thought of making the chips secure before.

“This race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software. The SSITH program will complement DARPA software security efforts like High-Assurance Cyber Military Systems (HACMS) and the Cyber Grand Challenge (CGC) by taking advantage of new technologies to develop integrated circuits that are inherently impervious to software end-runs,” said SSITH program manager, Linton Salmon of the Agency’s Microsystems Technology Office.

America's DARPA reckons too many vulnerabilities arise from hardware design errors, so it wanted experts and boffins to propose better hardware-level security mechanisms. Intel's Security Guard Extensions (SGX) is a favourite target for attack boffins crafting proofs-of-concept against the architecture.

The $50 million program is looking initially for research proposals that lay out how those design tools will work and the microchip security architecture they will build. Later phases will involve the building and testing of prototypes and demonstrations that the tools can be scaled for mass production.

SSITH specifically seeks to address the seven classes of hardware vulnerabilities listed in the Common Weakness Enumeration, a crowd-sourced compendium of security issues that is familiar to the information technology security community. In cyberjargon, these classes are permissions and privileges, buffer errors, resource management, information leakage, numeric errors, crypto errors, and code injection. Researchers have documented some 2800 software breaches that have taken advantage of one or more of these hardware vulnerabilities, all seven of which are variously present in the integrated microcircuitry of electronic systems around the world.

DARPA says it’s looking for “innovative approaches that enable revolutionary advances in science, devices, or systems.” The strategic challenge for participants in the SSITH program will be to develop new integrated circuit (IC) architectures that lack the current software-accessible points of illicit entry, yet retain the computational functions and high performance the ICs were designed to deliver. They want designers to “limit the permitted hardware to states that are assured to be secure”, without sacrificing performance.

The idea is to break the cycle of fixing vulnerabilities through software updates, even when what’s ultimately being exploited is a security weakness in the hardware.

Another goal of the program is the development of design tools that would become widely available, so that hardware-anchored security would eventually become a standard feature of ICs in both Defense Department and commercial electronic systems. The anticipated 39-month program centres on the development and demonstration of hardware architectures and techniques to measure the security of new hardware designs, including tradeoffs in things like performance, power efficiency, and circuit area.

Carder Fly, who sent heroin to journalist Brian Krebs, received 41 months in prison

Black hat hackers have seriously disliked journalist Brian Krebs for many years. Krebs is one of the veterans of computer security journalism, famous for his investigations and revelations. Thanks to the information he collected, it was possible to expose many hacking groups. Moreover, Krebs has often handed the information he collected to law enforcement agencies. He also publishes large-scale revelations on his blog, de-anonymizing the criminals and explaining step by step how he managed to do it.

For example, Krebs recently managed to expose the hacking group vDos (for which his website was immediately subjected to a long DDoS attack using IoT devices, with a capacity of 620 Gbit/s), and he also built a structured theory of who ran the recently closed leak aggregator LeakedSource.

Of course, hackers do not like Krebs's activities and his publicity. Hackers have been taking revenge on the journalist for many years. They sent a SWAT team to his home, took out $20,000 of credit in his name, and transferred $1,000 to his PayPal account from stolen payment cards. The PayPal account was compromised more than once, and hackers tried to transfer money from Krebs's account to DAESH, a terrorist organization banned in Russia. Malware authors also mention Brian Krebs in the code of their programs.

But the hacker known under the pseudonyms Fly, Flycracker and MUXACC1 (as well as Tomas Rimkis, Flyck, Centurion, Stranier and Darklife) followed Krebs especially zealously. He is Sergei Vovnenko, a citizen of Ukraine. In 2013, Vovnenko thought of a new "setup". At a closed account forum, a fundraiser was announced to purchase 1 gram of heroin. The plan was to send the drug to Brian Krebs by post in order to harm the journalist. The idea was to notify the local police station before delivery that Krebs was a junkie and would soon receive heroin by mail.

The "jokers" then managed to collect 1.6532 BTC, buy 12 bags of heroin with this money (10 + 2 bonus) and actually send them to Krebs. On Monday, July 29, 2013, the parcel was delivered to his address. The packets of drugs were hidden in an envelope containing a Chicago Tribune magazine, glued to the back of the cover.

However, Fly and his accomplices did not know that Brian Krebs had long since infiltrated thecc.bz and was secretly watching the collection of funds and the entire "operation" of the avengers. The journalist warned the local police station in advance that he was going to be sent drugs and gave the law enforcement agencies all the information. Once the parcel was delivered, Krebs called the police, who confiscated the parcel for the necessary examination.

But Fly did not calm down. He publicly posted Krebs's e-mail address, photos of his house and other confidential information, and then sent a funeral wreath to the journalist, addressed to Krebs's wife and carrying an unambiguous threatening message.

After that, Brian Krebs became interested in Fly's identity. With the support of Group-IB specialists, the journalist conducted a thorough investigation and eventually tracked down the 28-year-old Sergei Vovnenko, who resided with his wife and child in Naples, Italy. Krebs handed over all information about Vovnenko to the authorities. As a result, in 2014 the carder was arrested, and after about 15 months he was extradited to the United States. Incidentally, Vovnenko even sent Krebs Christmas cards from prison, congratulating him, and apparently he repented.

However, Vovnenko was prosecuted not so much for his attacks on Brian Krebs as for his carding activities. According to court documents, Fly had a Zeus botnet, which eventually infected more than 13,000 devices. The hacker and his accomplices stole confidential information from infected machines, including data on bank cards and payment system accounts. The stolen information was then resold on underground carder forums.

On February 17, 2017, Brian Krebs said that the court case against Fly had finally concluded. As a result, Vovnenko, who pleaded guilty last year, was sentenced to 41 months in prison and ordered to pay $83,368 to cover the damage caused. The carder has already spent most of this time waiting for the trial, so Vovnenko will be freed very soon.

U.S. prosecutors demand 30-year prison sentence for Russian hacker Seleznev

US prosecutors are demanding 30 years in prison for Russian citizen Roman Seleznev, who is accused of cyber fraud. This is the largest sentence given out for cybercrime by the US.

According to the case file, prosecutors said that a sentence of 30 years in prison is sufficient. The prosecutor noted that the gravity of the Russian hacker's crimes could have warranted life imprisonment.

The prosecution also noted that Seleznev was uncooperative with the investigation before the trial. The prosecution also urged the court to disregard the defendant's admission, which he made after the verdict.

As a reminder, in August 2016 the jury convicted Seleznev on 38 of 40 charges, including "cyber fraud", "theft of personal information under aggravating circumstances" and others.

Russian citizen Roman Seleznev admitted to the crime. "I accept full responsibility for all. I'm afraid of punishment. (...) I want to say I'm wrong and apologize", Seleznev wrote in a letter addressed to the court.

The citizen of the Russian Federation also promises that when he gets out of jail, he will work honestly to "pay my debt to victims and society."

The prosecution estimated the damage caused by Seleznev at about $170 million, because about 1.7 million credit cards with full information were discovered on the hacker's computer in 2014.

Agents of the U.S. Secret Service detained Seleznev in the Maldives in 2014. After that, Russia placed four employees of the Ministry of Justice on a sanctions list, qualifying the actions of the American side as kidnapping and a violation of international law.

It is worth noting that Roman Seleznev is the son of a famous Russian politician, Valery Seleznev, who said to the RIA Novosti news agency: "My son was tortured because being in jail in a foreign country after abduction is torture in itself. He is innocent."