$50 million of digital money stolen

A hacker has stolen more than $50 million of digital money  from an experimental virtual currency project, known as the Decentralized Autonomous Organization.

It had been the most successful crowdfunding venture ever. According to the reports, it took one-third of the venture's money but also the hopes and dreams of thousands of participants who wanted to prove the safety and security of digital currency.

After all, this it is likely an end of the project, which had raised $160 million in the form of Ether, an alternative to the digital currency Bitcoin.

However,  the computer scientists involved in the project are aiming to tweak the code that underpins Ether in a way that will recover the money.

"This is one of the nightmare scenarios everyone was worried about: someone exploited a weakness in the code of the DAO to empty out a large sum," Emin Gün Sirer, a computer science professor at Cornell who co-wrote a paper pointing out problems with the project, said.

This incident has reminded everyone of how the code can be just as vulnerable to human greed and mistakes as paper bills.

The project was funded by investors from around the world using Ether, which has become popular over the last year. But in May, computer scientists pointed out several vulnerabilities in its codes.

"The DAO is being attacked," Griff Green, a community organiser with the company that wrote the project's software, Slock.it, wrote on a chat channel for the project. "This is not a drill."

The money that the hacker moved appeared to be frozen on Friday as a result of a safeguard previously built into the code. Coders working on the Ethereum network, which hosts Ether, were debating on whether to make a one-time change to the code to recover the frozen money.

"The strength of blockchain tech is that it is a ledger, a statement of truth," Bruce Fenton, a board member with the Bitcoin Foundation, wrote on Friday. "That ledger is only as good as its resistance to censorship, change, demands or attack."

Lone Hacker Guccifer 2.0 Takes Responsibilty For DNC Cyber Attack

(pc-google images)
A lone hacker known as Guccifer 2.0 has claimed the sole responsibility for the for a cyber attack on the U.S. Democratic National Committee, revealing a series of documents allegedly extracted from DNC servers. This contradicts the initial DNC reports that Russia was behind the attack.

Guccifer 2.0 posted several confidential files on a Wordpress blog as well as claimed to have sent "thousands of files and mails" to Wikileaks which he says will "publish them soon."After an evident opposition file containing research on Donald Trump leaked earlier this week, Guccifer 2.0 has followed it up with alleged financial information on the Democratic Party and its donors.

The hack was initially reported to be the work of the Russian government agencies on Tuesday by CrowdStrike, the cybersecurity firm hired by the DNC to investigate the data breach.

In the post, Guccifer 2 has mocked the cybersecurity firm saying that, "CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by 'sophisticated' hacker groups. I'm very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy."

CrowdStrike is standing by its analysis that it was Russian government hackers. It had posted earlier stating: "On June 15, 2016 a blog post to a WordPress site authored by an individual using the moniker Guccifer 2.0 claiming credit for breaching the Democratic National Committee. This blog post presents documents alleged to have originated from the DNC.”

"Whether or not this posting is part of a Russian Intelligence disinformation campaign, we are exploring the documents' authenticity and origin. Regardless, these claims do nothing to lessen our findings relating to the Russian government's involvement, portions of which we have documented for the public and the greater security community."

Russian hackers attack DNC, steal Trump’s files

Russian government hackers broke into the servers of the Democratic National Committee and stole a massive trove of data, including all opposition research into GOP presidential candidate Donald Trump and almost a year's worth of private e-mail and chat messages, according to committee officials and security experts who responded to the breach on Tuesday (June 14).

Researchers with Crowdstrike, the security firm DNC officials hired to investigate and contain the breach, determined the intrusions were carried out by two separate hacker groups that both worked for the Russian military intelligence organization. One, dubbed Cozy Bear, gained access last summer and has been monitoring committee members' e-mail and chat communications. The other is known as Fancy Bear and is believed to have broken into the network in late April. It was the latter intrusion that obtained the entire database of Trump opposition and later tipped off IT team members the network may have been breached.

The U.S. government, however, has not yet determined that the hackers who breached the server are connected to the Russian government.

According to Crowdstrike, Cozy Bear was the same group that in 2014 successfully infiltrated unclassified networks used by the White House, the State Department, and the Joint Chiefs of Staff. They reportedly have also hacked numerous corporations and businesses in the defense, energy, manufacturing and other industries. Fancy Bear has been in operation since 2000.

The networks of presidential candidate Hillary Clinton was also targeted by Russian spies, as were the computers of some Republican political action committees. But details on those cases were not available.

The hackers who penetrated the DNC network were expelled last weekend in a major computer cleanup campaign. No financial, donor or personal information appears to have been taken, leaving analysts to suspect the breach was a case of traditional espionage and not the work of criminal hackers.

CrowdStrike said analysts still aren't sure how the intruders gained access. Suspicions are being raised that they targeted DNC employees with spearphishing e-mails that appeared to come from known and trusted people that contained malicious links or attachments.Researchers with security firm Palo Alto Networks said that a Russian hacking group it calls Sofacy sent an unnamed US government agency spearphishing e-mails that appeared to come directly from the compromised account belonging to the Ministry of Foreign Affairs of another government.

The government is usually hesitant to publicly blame another government for a cyberattack and opts to usually remain silent, concerned of the geopolitical consequences and waiting for strong enough evidence that it might hold up in court.

It's not the first time that hackers have targeted major figures in a US presidential election. In 2008, both computer systems for both the Obama and McCain campaigns were reportedly victims of a sophisticated attack by a then unknown foreign entity. The two hacking groups identified by CrowdStrike didn't appear to work together or to coordinate their attacks.

Any U.S. election is of intense interest to overseas governments, and Trump's candidacy has especially raised his relationship with Russia throughout the campaign. He has at times spoken admiringly of Russian President Vladimir Putin, and some of his foreign policies have drawn praise in Moscow, despite the country's chilly relationship with the U.S.

The intrusions are an example of Russia’s interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president.

Wendy's POS breach 'much bigger' than first reported

American fast food chain Wendy’s has admitted that the data breach affecting the company reported last month was a lot bigger than what was said.

(pc-google images)
The Wendy’s breach came into light last month after the company began investigating unusual activity involving customer credit cards in January this year.

“Based on the preliminary findings of the previously-disclosed investigation, the Company reported on May 11 that malware had been discovered on the point of sale (POS) system at fewer than 300 franchised North America Wendy’s restaurants,” Wendy’s stated.  "An additional 50 franchise restaurants were also suspected of experiencing, or had been found to have, other cybersecurity issues."

Wendy's has described the breach as “extremely difficult to detect,” uploaded via a remote access tool to a second POS system that was not previously known to be infected.

The Company believes this series of cybersecurity attacks resulted from certain service providers’ remote access credentials being compromised, allowing access to the POS system in certain franchise restaurants serviced by those providers.

After detecting the malware, the Company has already disabled it in all franchise restaurants where it has been discovered, and continues to work aggressively with its experts and federal law enforcement to continue its investigation.

North Korea hacks 140k computers of South Korea

North Korea hacked into more than 140,000 computers at 160 South Korean firms and government agencies, planting malicious code, stealing 40,000 defence-related documents, police said on Monday (June 13).

The incident comes under a long-term plan laying groundwork for a massive cyber attack against its rival. Some 42,000 documents were hacked, majority of them linked to defence.

North Korea had launched a hacking campaign in 2014 but South Korea was noticed in February that Kim Jong-Un's band of hackers had been infiltrating into its networks.
South Korea suspects since the hacked machines stayed dormant, North Korea wanted to launch an attack intended to cause confusion on a national scale or to continuously steal industrial and military secrets.
South Korea has been on heightened alert against cyber attacks by the North after Pyongyang conducted a nuclear test in January and a long-range rocket launch in February that led to new U.N. sanctions.
The hackers took no action after gaining control on computers and networks of some groups but popular network management software was targeted. Cops refused of naming the platform.
The IP addresses in the attacks points towards the North.
The Pyongyang has always denied of any wrongdoing on Seoul.
In 2014, North Korean hackers led a devastating campaign against Sony pictures which led to the leakage of embarrassing internal e-mails and unreleased movie clips.
Just last month, North Korea was linked to a hacking on a Bangladeshi bank which resulted in a theft of around $ 81 million.
North Korea is not the only country with state sponsored hacking. The United States has an entire entity dedicated to hacking called the United States Cyber Command.

Intel plans to kill ROP attacks at chip level

(pc- google images)

Tech-giant Intel has come up with a plan to defeat attacks that use return-oriented programming (ROP) to exploit memory vulnerabilities. The chip-level plan would block malware infections on computers at the processor level.

The new measures are reviewed in a specification from Intel which describes the Control-flow Enforcement Technology (CET) and its attempt to overcome exploits that use ROP and jump-orientated programming (JOP).

CET aims to fill an opening in defensive capabilities against these two conflict types offering  protection for applications and handling complement kernels.

Attackers can use ROP and JOP to execute malicious code to bypass operating-system security measures, such as non-executable memory and code signing.

Baidu Patel, director of the platform security architecture and strategy team in Intel's Software and Services group said, “ROP or JOP attacks are particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behaviour.”

"What makes it hard to detect or prevent ROP/JOP is the fact that attacker uses existing code running from executable memory. Many software-based detection and prevention techniques have been developed and deployed with limited success," Patel added.

CET works by introducing a shadow stack – which only contains return addresses, is held in system RAM, and is protected by the CPU's memory management unit. These shadow stacks are isolated from the data stack and protected from tampering.

CET focuses on CALL and RETURN instructions and compares a return address that is stored in the data with the shadow stack. If the addresses don't marry up, an exception is flagged.

According to Patel, a CET spec is a perfection of techniques that Intel and Microsoft have jointly grown over a past 7 years directed during anticipating a extensive counterclaim opposite ROP/JOP attacks.

32 million Twitter accounts hacked

Around 32 million Twitter accounts were hacked by a user 'Tessa88@exploit.im'. According to LeakedSource website, some of those hacked passwords were even verified by the users.

However, Twitter rubbished all the hacking reports and said there was no breach in their systems, and they are working with LeakedSource to get the data.

While, Twitter has locked some users accounts that it suspects of being affected by the hack. In the meanwhile time,  the microblogging website is asking users to reset their account passwords as well.

Although they have not yet mentioned as to how many accounts it has locked. The Wall Street Journal reports that the number is in millions and that affected users have already received email notifications regarding the same.

"If your Twitter information was impacted by any of the recent issues - because of password disclosures from other companies or the leak on the "dark web" - then you have already received an email that your account password must be reset. Your account won't be accessible until you do so, to ensure that unauthorized individuals don't have access," said Twitter in a blog post.

Even after locking users accounts, the company still says that the user credentials were not obtained from a hack in its servers.

It revealed that "The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both."

Tessa88@exploit.im  sent 32,888,300 Twitter user credentials to the website LeakedSource.

Hacked twitter account consists of Twitter co-founder Evan Williams' account and Facebook CEO Mark Zuckerberg's.

Mark zuckerberg’s social media accounts hacked due to weak password

Facebook founder and CEO, Mark Zuckerberg's Twitter, Instagram and Pinterest accounts were briefly hacked on Sunday (June 05) by a group calling itself ‘OurMine Team’, apparently using information from a major LinkedIn security breech that occurred in 2012.

This implies the social media guru reused passwords across multiple sites or perhaps that the format of the password he chose for other sites was guessable after breaking his LinkedIn login credentials.

A tech magazine, Engadget captured a tweet from OurMine revealing the password as ‘dadada’. Zuckerberg recently became a dad.

The group, whose principal Twitter account has since been suspended, then messaged him to say that it had found his password on a LinkedIn database of user details that was leaked online last month.

Both Twitter and Pinterest rapidly restored control of the accounts over the weekend, and the rogue posts have now been removed—though not before they were screencapped:

“Ouch. Mark Zuckerberg's social media accounts have been hacked pic.twitter.com/KvVmXOIg5s
— Ben Hall (@Ben_Hall) June 5, 2016”

Hopefully this time stronger passwords have been put up in the accounts.

The billionaire’s Facebook account was not affected.

"No Facebook systems or accounts were accessed. The affected accounts have been re-secured," said Facebook Inc. statement which was released on Monday (June 06).

The group said that it was just trying to alert Zuckerberg of the security flaw.

LinkedIn's 2012 breach was significant and embarrassing for the company, and resulted in the theft of millions of passwords and other user information. Users were warned at the time to change their LinkedIn passwords, and those on any other platform on which they were reused. This is clearly evergreen advice, as it isn't hard for a determined hacker to cross-reference someone's username and password information with other sites.

There's no evidence of any widespread damage stemming from the hacked accounts probably Zuckerberg hasn’t tweeted since 2012.

On Pinterest account, the name was changed to read: “Hacked By OurMine Team.”

Zuckerberg has accounts with several rival social media companies, such as Twitter and LinkedIn, but none of them are very active.

Millions of MySpace and Tumblr accounts hacked

Hundreds of millions of hacked account details from social networks MySpace and Tumblr have been advertised for sale online.

Time Inc., owner of Myspace has confirmed that once a popular social media has fallen victim to hackers and has blamed the breach on a cyber attacker called 'Peace' from Russia.

It is the biggest hacks to date which has exposed around 360.2 million accounts with 427 million passwords of MySpace and 65 million passwords of Tumblr.
LinkedIn’s big breach exposed over 100 million accounts.

The passwords were stored in a modified form that was meant to protect them, but the technique used was relatively weak and it seems the vast majority have been cracked.
A LeakedSource revealed that user passwords were stored in SHA1 with no salting. This is bad, but so are the passwords that were in use.
Both MySpace and Tumblr’s login appears to have stolen several years ago but only recently came to light.
If you were a registered user before 2013, your information may have been compromised.
The Myspace database was provided by someone who goes by the alias Tessa88@exploit.im.
The Tumblr IDs come from a breach flagged by the Yahoo-owned blogging site on 12 May.
The firm goes on to blame the hack on 'Peace', who is also allegedly responsible for the recent high-profile hacks on LinkedIn and Tumblr.
This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached to it and 68,493,651 had a secondary password.
The website hasn’t been updated to included the MySpace breach yet.
Even adult dating site Fling was also breached in 2011 had exposed millions of id.

If you are still using one of these bad passwords, for crying out loud, change it. You can check to see whether you are affected on the LeakedSource database. µ

Cyber attack On Iran's Statistical center

Recently on 24th May, hackers had targeted  The Statistical Centre Of Iran  and made it temporarily out of service.  Iran's cyber police claims to have traced the hackers IP addresses relating to three Arab countries including Saudi Arabia . 

Cyber police chief General Kamal Hadianfar stated that detailed report of all the IP addresses and exact locations of hackers from Saudi Arabia have been submitted , and ensured that the justice will be done pertaining to the crime . 

Hadianfar said,  "We monitored a cyber attack on May 24 which was conducted from three countries and led by hackers in Saudi Arabia and they launched deceive attacks on the Statistical Centre of Iran and of course such an attack is not important technically," 

Some of the speculations were made initially regarding involvement of extremist group ISIS, but Hadianfar dismissed any such link saying that, "The hacker already had a hacking record and was identified by FATA ".

Hackers were not able to steal any sensitive data or classified information , it was more of a show - off by Saudi Arabia, claimed head of Iran's  Civil Defence Oraganization, General Gholam Reza Jalali.

According to Al-Monitor, just day after reports of attack on Iran's statistic center emerged, hackers targeted two of the Saudi Arabian government website. Hadianfar said attack may have been orchestrated by emotional move and Iran has not carried out any "organized" attack.

Jalali mentioned that Iran will be conducting specialized war games in order to boost its cyber defense.