Careem hit by cyber attack, affects 14 million users

Careem, ride-hailing app and Uber’s main competitor in the Middle East, on Monday revealed that it was hit by a cyber attack causing data of over 14 million users to be compromised.

In a blog post, the company said that it became aware of the attack on 14th January, when it identified a cyber incident involving “unauthorised access to a system we use to store data,” in which customer and driver account data were stolen.

Information such as names, phone numbers, email addresses, and trip data was stolen; however, according to the company, no password or credit card information was compromised.

“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information,” it stated.

“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” the post read, adding that customers and “captains” who have signed up after the attack have not been affected by the breach.

The ride-hailing service apologized to its users and said that, “Careem has learned from this experience and will come out of it a stronger and more resilient organisation.”

Aside from informing users and assuring them that it is working with law enforcement agencies to look into the matter, Careem also advised its customers to use safeguards such as strong password management, being cautious of unsolicited communications, links, or attachments in emails, and reviewing credit card or bank activity for anything suspicious.

As to why it had taken Careem so long to tell people, the company said that it “wanted to make sure we had the most accurate information before notifying people.”

150 million MyFitnessPal users affected in Under Armour data breach

Under Armour on Thursday announced that over 150 million customers using MyFitnessPal, its nutrition tracking app, were hit by a data breach in late February, earlier this year.

According to Under Armour, they discovered the breach earlier this week and said that an “unauthorised party” had acquired this data. Once they were aware of the breach, they took steps to alert the users using in-app messages as well as email.

They are currently working with data security firms and coordinating with law enforcement authorities to get to the bottom of the breach.

"The investigation indicates that the affected information included usernames, email addresses, and hashed passwords—the majority with the hashing function called bcrypt used to secure passwords," the company said in a statement.

Under Armour said that the attackers would not have been able to access information such as users' Social Security numbers and driver's license numbers, or payment information, in the breach but usernames, email addresses, and password data were taken.

The company is now urging MyFitnessPal users to change their passwords immediately, along with reviewing any suspicious activity in their account. It has also warned its users to be cautious of any emails or unsolicited messages in light of the breach, and to not give away personal data.

The app lets people track their calorie intake, diet, and exercise routines, and was acquired by Under Armour in 2015 for $475 million.

List Of Enemy Hackers Revealed By An NSA Leak


When the mysterious group calling itself the Shadow Brokers spilled a collection of NSA tools onto the web in a series of leaks beginning in 2016, they offered a rare look into the internal operations of the world's most advanced and stealthy hackers. But those leaks haven't just given the outside world access to the NSA's secret capabilities.

They may also let us see the rest of the world's hackers through the NSA's eyes. A piece of NSA software, called "Territorial Dispute," appears to have been designed to detect the malware of other nation-state hacker groups on a target computer that the NSA had infiltrated.

The Hungarian security researcher Boldizsár Bencsáth believes that this specialized antivirus tool was designed not to remove other spies' malware from the victim machine, but to warn the NSA's hackers of an adversary's presence, allowing them to pull back rather than potentially reveal their tricks to an adversary.

Bencsáth, a professor at CrySys, the Laboratory of Cryptography and System Security at the Budapest University of Technology and Economics, contends that the Territorial Dispute tool may offer clues as to how the NSA sees the broader hacker scene.

He intends to present a paper on the CrySys website on Friday and is asking the security research community to contribute and join him in investigating the software's clues.

Based on some matches he has established between elements of Territorial Dispute's checklist and known malware, he contends that the leaked program potentially shows that the NSA knew about some groups long before those hackers' activities were uncovered publicly.

"The idea is to find out what the NSA knew, to find out the difference between the NSA viewpoint and the public viewpoint," says Bencsáth, arguing that there may even be a chance of uncovering current hacking operations, so that antivirus or other security firms can learn to detect their infections. "Some of these attacks might even still be on-going and alive."

He believes that the tool shows the NSA's knowledge of some foreign malware that still hasn't been publicly revealed.

When the leaked version of Territorial Dispute runs on a target computer, it checks for signs of 45 different types of malware, neatly labeled SIG1 through SIG45, by looking for unique files or registry keys those programs leave on victim machines. SIG2 is malware used by a known Russian state hacker group, Turla.

The last and most recent entry on the list is a piece of malware discovered publicly in 2014, and also tied to that long-running Turla group. Other entries on the list range from the Chinese malware used to hack Google in 2010 to North Korean hacking tools.

Bencsáth believes that the entries in the list appear roughly in chronological order, apparently based on when each was first known to be deployed. A collection of malware known as "Cheshire Cat" is listed before the Chinese malware used in the 2010 attack on Google, and researchers believe elements of the campaign date back as early as 2002. Yet that code was only revealed publicly in a talk at the Black Hat Conference in 2015.

In another case, Territorial Dispute lists the malware known as Dark Hotel, known to have been used by North Korean hackers to spy on targeted hotel guests, as SIG25.

To be fair, the exact ordering of Territorial Dispute's malware list is far from confirmed. A few entries on the list do appear to be out of order. And even if the NSA kept its knowledge of ongoing attacks a secret, that would fit its typical modus operandi, says Matthew Suiche, the founder of security firm Comae Technologies, who has closely followed the Shadow Brokers' leaks.

He also notes limitations in the information that can be gathered from the Territorial Dispute code. Like the other Shadow Brokers leaks, it may also be a year-old piece of code.

Nevertheless, by putting out a call for other researchers to crowdsource the problem of matching those Territorial Dispute entries with past malware samples, Bencsáth hopes that it may lead to the identification and blocking of state-sponsored hacking tools that the NSA has tracked for quite a long time.


Russian Hacking Group Targets The German Government’s Internal Communications Network


An infamous Russian hacking group known as Fancy Bear, or APT28, is widely considered responsible for a security breach in the private networks of Germany's defence and interior ministries, as confirmed by a government spokesman.

It is said to be behind the reprehensible breaches in the 2016 US election as well as various cyber-attacks on the West. The group is reported to have targeted the government's internal communications network with malware.

According to reports by the DPA news agency, the hack was first noticed in December and may have lasted up to a year.

"We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cyber-security incident concerning the federal government's information technology and networks," a German interior ministry spokesman said on Wednesday.




The group apparently hacked into the "Informationsverbund Berlin-Bonn" (IVBB) network, a government computer system specifically designed to operate separately from public networks for additional security. The system is used by the German Chancellery, parliament, federal ministries and several security institutions.

Fancy Bear, also called Pawn Storm, is believed to run a global hacking campaign that is "as far-reaching as it is ambitious," according to a report by computer security firm Trend Micro.

Palo Alto Systems, a cyber-security firm, on Wednesday released a report saying that Fancy Bear now appears to be using malicious emails to target North American and European foreign affairs officials, including a European embassy in Moscow.

"Pawn Storm" was also blamed for a similar attack on the lower house of the German parliament in 2015 and is also thought to have targeted the Christian Democratic Union party of Chancellor Angela Merkel.

Authorities in the country issued repeated warnings about the potential for "outside manipulation" in last year's German election.

The hacking group has been linked to the Russian state by various security experts investigating its international hacks and is also known by several other names, including CozyDuke, Sofacy, Sednit and Tsar Group.


Chinese Hacking Groups target UK Think Tanks

Cybersecurity firm Crowdstrike says that UK think tanks are being repeatedly targeted by Chinese hacking groups. Crowdstrike says that beginning in April 2017, it saw repeated targeting of British think tanks specialising in international security and defense issues.

The firm said it has investigated the breaches and attributes these attacks to groups it calls “Panda,” which Crowdstrike said are China-based and linked to the Chinese state.

Crowdstrike was reportedly called in by some of the think tanks to investigate the attacks, help in clean-up, and protect their security. According to a report by BBC, not all attacks were successful.

The company also said that in 2017, Chinese cyber activity increased all over the world, with targets including universities, law firms, and technology companies.

According to Dmitri Alperovitch, Crowdstrike’s co-founder and CTO, think tanks that work on Chinese policy were targeted “very aggressively” in an attempt to steal reports and information relating to connections with the government.

He said that this was because they believe the think tanks are influential in the US and UK, saying "they believe that they may have access to information which is not public.”

According to Alperovitch, the hackers would persist and try to get back in even after they had been kicked out.

Dutch Tax Authority and Banks Face DDoS Attacks

The national tax office in the Netherlands and several of the country’s largest banks were hit by a distributed denial-of-service (DDoS) attack on Monday.

The tax office said that its website had gone down for 5-10 minutes after the attack.

ABN Amro, ING, and Rabobank are some of the major banks affected by the DDoS attack, which disrupted online and mobile banking services over the weekend.

The attacks led to banks’ services being down for hours at a time.

"We are now working on an alternative access route to the site, it is not yet possible to say how long this will take," Rabobank said.

"Since the big DDoS attack on ING in 2013, everything seemed to be in order. There is now clearly something we need to respond to, and we are discussing this with the banks," a spokesperson from the Dutch central bank, DNB, said.

André Karels, a spokesperson for the Tax Authority, said that no data had been leaked and that the attack is under investigation by the National Cybersecurity Services.

DDoS attacks work to bring down websites by sending a lot of traffic to one server at the same time. While such attacks themselves cannot cause a network breach or a data leak, they are often used as distractions by hackers trying to penetrate a network.

The United States failed to establish deterrence in the aftermath of Russia’s interference

The United States has yet again failed to establish deterrence in the aftermath of Russia's interference in the 2016 election. That it failed is no surprise, given that Russia has continued to aggressively employ the most significant part of its 2016 toolkit: the use of social media as a platform to disseminate propaganda designed to weaken the country.

Former CIA Director Michael Morell and former Chairman of the House Intelligence Committee Rep. Mike Rogers, R-Michigan, said that Russia has continued its cyber-attacks against the United States. Both, who serve on the advisory council for the Alliance for Securing Democracy, say that the U.S. has failed to deter Russia from using social media to "disseminate propaganda designed to weaken their nation."

"There is a perception among the media and the general public that Russia ended its social-media operations following last year's election and that we need worry only about future elections. But that perception is wrong. Russia's information operations in the United States continued after the election and they continue to this day," they wrote on Tuesday for The Washington Post.

According to them, the Russian government is still deploying effective tactics that target particular groups and politicians, much as it did earlier by manipulating social media in the run-up to the 2016 election.

According to Rogers and Morell, Russian-influenced Twitter accounts were leading participants in November's #BoycottKeurig movement on social media. The boycott began as a protest against the coffee-maker company pulling its advertisements from Sean Hannity's Fox News show.

"This was a Russian attack on a U.S. company and on our economy," Morell and Rogers said.

Morell and Rogers warn that Russia's use of social media as a "political weapon" will continue in the future, with more nations expected to follow the same pattern, unless the U.S. intervenes.

"The sanctions that the Obama administration and Congress put in place in the aftermath of the 2016 election are steps in the right direction, but they were not significant enough to check Russian President Vladimir Putin," Morell and Rogers suggest.


They added that true deterrence requires policies that prevent adversaries from achieving their objectives while imposing significant costs on their regimes, and that the U.S. has done neither.

Bitcoin Exchange Files for Bankruptcy After Being Hacked Again

Earlier this week, a major South Korean bitcoin exchange, Youbit, was hacked for the second time in less than 8 months. It has since filed for bankruptcy after revealing that the hackers had stolen 17% of its digital currency reserves.

The exchange trades ten virtual currencies, including bitcoin and ethereum.

Youbit says that the hackers had attacked its “hot-wallet”, which is an account kept online for holding crypto assets, and that its offline, cold-storage holdings are safe and still accessible, adding that all customers will be able to withdraw 75% of their assets once the bankruptcy proceedings are settled.

This attack allegedly adds to a series of cyberattacks in South Korea, all attributed to North Korean hackers targeting the country's growing cryptocurrency market.

This hack accentuates the growing concern in the market for the safety of digital currency and holdings.

While with traditional banking, people feel safe with their finances and there is less risk for the customers, cryptocurrencies are highly risky and are increasingly targeted by hackers.

South Korean Newspaper Reports North Korean Hackers Behind Attacks on Cryptocurrency Exchanges

Chosun Ilbo, a major South Korean newspaper, on Saturday reported that according to a South Korean spy agency, North Korean hackers were behind the theft of about $6.99 million (7.6 billion won) worth of cryptocurrencies this year, which are now worth almost $82.7 million (90 billion won).

The report said that these attacks included the theft of cryptocurrencies from accounts at exchanges Yapizon (now called Youbit), and Coinis, in April and September.

According to the newspaper's report, the leak in June of the personal information of about 36,000 accounts from Bithumb, a major cryptocurrency exchange, was also connected with North Korean hackers, as discovered by the country’s National Intelligence Service (NIS).

Again citing NIS, Chosun Ilbo also reported that these hackers had demanded around $5.5 million (6 billion won) in return for deleting the stolen information.

These hackers were also responsible for another attack on about 10 other exchanges in October which was stopped by Korea Internet Security Agency (KISA), as per the report.

The newspaper also reported that according to NIS, the malware used in the emails to hack the exchanges was made with a method similar to the one used in hacking Sony Pictures in 2014 and the Central Bank of Bangladesh in 2016, and that the email IDs used in the attacks were also North Korean.

Over 6 million computers in Moscow are infected with Cryptocurrency Mining Virus

In Moscow, about 30 percent of all computers are infected with a virus that covertly mines bitcoins.

Herman Klimenko, adviser of the Russian President on Internet development, said that nowadays this is the most common and most dangerous virus. There are about 20 million computers in Moscow, of those, 20-30 percent are infected.

Klimenko noted that the organizers of such schemes earn money by "renting" the capacity of infected computers for processing cryptocurrency payments.

As a reminder, on July 21, researchers discovered the advertising botnet Stantinko, which had many victims in Russia and Ukraine. At the beginning of the month, specialists at Kaspersky Lab spotted the wide spread of the Xafekopy virus, which sent subscription requests for paid services from the victim's phone.

"We do not have information about all computers in Moscow and Russia, we can only talk about our users, 6% of them were attacked in 2017 with the goal of installing "miners" (cryptocurrency), which makes it quite a common type of malicious program," the local press quotes Antonov Ivanov, an antivirus expert at Kaspersky Lab, as saying.

- Christina


Researchers say North Korea behind attacks exploiting a Korean word processing program

Recent reports had confirmed that relations between the two Koreas (North and South), which had been bad for years, were showing some signs of improvement after Seoul and Pyongyang exchanged reconciliatory gestures and expressed their willingness to talk. There was even a rather high probability that the third intra-Korean summit would happen in the near future.

However, the situation might go in another direction following a PDF report by FireEye, a U.S.-based security company that provides automated threat forensics and dynamic malware protection against advanced cyber threats. The report says that North Korea is likely behind cyber-attacks that have focused on exploiting a word processing program widely used in South Korea.

Genwei Jiang and Josiah Kimble, authors of the report, identified several malicious documents in the wild that exploit a previously unknown vulnerability (CVE-2015-6585) in the Hangul Word Processor (HWP). HWP, published by a South Korean company, is a Korean word processing application.

“It is widely used in South Korea, primarily by government and public institutions. Some HWP programs are frequently used by private organizations, such as HWP Viewer. The payloads and infrastructure in the attack are linked to suspected North Korean threat actors. Hancom patched CVE-2015-6585,” the authors said in the report.

The authors have said that only a handful of attacks have been publicly attributed to the secretive nation, which is known to have well-developed cyber capabilities.

According to them, if the malicious HWP file is opened, it installs a backdoor that FireEye nicknamed "Hangman," which is used for downloading files and probing file systems and is similar to a backdoor FireEye calls Peachpit, which may have been developed by North Korea, the report said.

Once Hangman has collected data, it sends it to command-and-control servers over an SSL (Secure Sockets Layer) connection. The IP addresses of those servers are hard-coded into Hangman and have been linked to other suspected North Korea-related attacks.

“While not conclusive, the targeting of a South Korean proprietary word processing software strongly suggests a specific interest in South Korean targets, and based on code similarities and infrastructure overlap, FireEye Intelligence assesses that this activity may be associated with North Korea-based threat actors,” the authors added.

According to a news report published in PCWorld, one of the most prominent instances was the devastating attack in November 2014 against Sony Pictures, which lost sensitive corporate data and email and saw many of its computers rendered inoperable.


“In a rare move, the FBI blamed North Korea for the Sony hack based on an analysis of malware suspected to have been developed by the country and used in other attacks,” the news report added.

To minimize cyber attacks, Senate bill proposes standards for cars

Good news for car users and bad news for hackers: Senators Ed Markey and Richard Blumenthal have proposed new legislation designed to require cars sold in the United States to meet certain standards of protection against digital attacks and for privacy.

It is said that the new privacy standards would govern data collected from vehicles under proposed legislation introduced in the U.S. Senate on Tuesday.

Soon after WIRED revealed that two security researchers (Charlie Miller and Chris Val) have developed and plan to partially release a new attack against hundreds of thousands of Chrysler vehicles that could allow hackers to gain access to their internal networks, the U.S. government has planned legislation to increase the security of vehicles.

According to a new report posted on Wired, “Drivers shouldn’t have to choose between being connected and being protected,” Markey wrote in a statement. “Controlled demonstrations show how frightening it would be to have a hacker take over controls of a car. We need clear rules of the road that protect cars from hackers and American families from data trackers.”

As per the proposed legislation, data stored in the car should be secured to prevent unauthorized access and vehicles will also have to detect, alert and respond to hacking attempts in real time.

Similarly, the National Highway Traffic Safety Administration (NHTSA) will develop new privacy standards under which vehicle owners will be made aware of what data is being collected, transmitted and shared.

“Owners will be offered the chance to opt out of such data collection without losing access to key navigation or other features where feasible,” the news report read.

The increasing number of hacking attacks against vehicles is said to be the reason behind the proposed law.

Earlier this year, BMW fixed a vulnerability in its connected drive system that allowed an attacker to remotely unlock a car. It had not enabled encryption on its servers, allowing an attacker to mimic the server and send a lock or unlock command to a car. The fix was as simple as enabling HTTPS, but 2.2 million cars had to be upgraded.



#OpISIS: A Cyber attack against Twitter accounts related to ISIS


The Islamic State (ISIS) terrorist group is using social networking sites like Twitter to recruit people. To bring an end to this, Anonymous hacktivists and their affiliates earlier this year launched an operation called "#OpISIS" against ISIS.

The main aim of the operation is to take down all websites and, above all, social media accounts related to ISIS.

The hacktivists have been on a search to identify Twitter accounts linked to ISIS. In March 2015, they reportedly tracked more than 25,000 Twitter accounts.  Most of the accounts have been reported and removed from Twitter. They also reportedly "destroyed" more than 100 websites.

Anonymous hackers have now leaked more than 4000 email addresses, IP addresses and logs, which are said to have been taken from online communities supporting ISIS. A few links to the dumps have been shared on the Hackers Leaks website.

Some of the email addresses listed in the dump end with the "*.gov" extension.

Hackers used Xtreme RAT malware to gain access to Israeli Defense computer



 
Seculert, an Israeli cyber security firm, told Reuters that hackers gained access to an Israeli Defense Ministry computer by sending a malicious email containing Xtreme RAT.

Seculert CTO Aviv Raff told Reuters that earlier this month hackers took control of around 15 computers, including a computer of Israel's Civil Administration, which monitors Palestinians in Israeli-occupied territory.

The firm declined to identify the other 14 computers targeted by the hackers. An anonymous source told Reuters these included companies involved in supplying Israeli defense infrastructure.

The latest attack appears to have originated from US servers. However, experts noticed some similarities to previous attacks. The firm suspects Palestinians of being behind the cyber attack.

The firm had not determined what the hackers did after gaining access to the systems. It believes that the hackers had access to the infected computers for several days.

Xtreme RAT is a remote access trojan that gives hackers complete access to infected systems. An attacker is able to steal any documents or execute any other malware code on the system.

The same malware has been used in several other targeted attacks, including attacks on the Israeli police department, Syrian anti-government activists and other governments.

No, Your fridge is not sending spam emails - They are innocent

A recent report from security firm Proofpoint saying "Internet connected Refrigerators are participating in massive cyber attack" is one of the hot topics in information security.

The report said that a massive global cyber attack involving more than 750k malicious emails relied on more than 100k consumer gadgets such as routers, multimedia systems, TVs and a refrigerator.

However, a recent report from Symantec says "Internet of Things" devices, including the Internet-connected fridge, are not the source of this spam campaign.

Symantec confirmed the source of the spam as several Windows-based computers, and said that none of it originated from any non-Windows computer systems.

"If your refrigerator uses a feature known as port forwarding and someone contacts the IP address on port 80, that traffic is allowed to reach your smart refrigerator," the Symantec report reads.


"Viewed from outside, all you will see is the refrigerator and you may not even realize there is a router with potentially many other devices behind it, such as an infected computer." Symantec experts explained that this might be the reason why researchers mistakenly considered the IoT devices to be the source of the spam campaign.

Even though IoT devices such as the fridge are innocent this time, experts say that we can expect them to be exploited by cyber criminals in the future. Researchers also pointed out that there are already a few pieces of malware targeting Linux-based IoT devices.

NatWest online banking service hit by DDOS attack


A cyber attack aimed at disrupting the online banking services of NatWest left customers unable to access their accounts online. The website suffered a distributed denial of service (DDoS) attack.

"Due to a surge in internet traffic deliberately directed at the NatWest website, some of our customers experienced difficulties accessing our customer web sites this evening," the Mirror quoted a NatWest spokesperson as saying.

"We have taken the appropriate action to restore the affected web sites.  At no time was there any risk to customers.  We apologise for the inconvenience caused."

This is not the first time the NatWest website has come under a cyber attack. Earlier this month, all of RBS and NatWest's systems went down for a few hours.

It is still unknown who is responsible for this cyber attack. Bank customers started to blame the bank for not being able to access their accounts.

US Retail giant Target targeted by hackers, 40 million credit cards at risk

 

US retail giant Target has confirmed it was the victim of a cyber attack that could have compromised the payment details of approximately 40 million credit and debit card accounts.

The information involved in this security breach includes customer name, credit card or debit card number, CVV, expiration date.

According to Target's statement, the breach may affect users who made credit or debit card purchases in its U.S. stores from November 27 to December 15, 2013.

"We want to stress that we regret any inconvenience or concern this incident may cause you. Be assured that we place a top priority on protecting the security of our guests’ personal information," the statement reads.

The retailer said it immediately alerted authorities and financial institutions and is partnering with a leading forensics firm to conduct a forensic investigation of the breach.


Puthiyathalaimurai Website Hacked by same hacker as JayaTV and AIADMAK site

A Pakistani hacker by the name "H4$N4!N H4XOR," belonging to "Pakistan Haxors Crew," who previously hacked the JayaTV website and the AIADMAK site, has now hacked the Puthiyathalaimurai website again and left the following message.




" Security Breach!
Hello Admin, I Hack AIADMAK website & jaya Tv So Kick Out That Innocent Kid From The Jail.
Your Site Security Is 0% And Easy To F***k,
PATCH YOUR SECURITY! "

He was talking about the recent arrest of P. Eswaran by the Central Crime Branch on suspicion of hacking the AIADMAK site. Eswaran said that he was only trying to fix the vulnerability, and this hack seems to suggest that as well. The Pakistani hacker who initially posted about the defacements is still active.

Though Eswaran was only trying to protect the website, what he did is still illegal under section 66 of the IT Act. It will be very interesting to see how this case plays out in court, since it is the first of its kind.

Notorious Stuxnet malware infected Russian Nuclear Plant, claims Eugene Kaspersky

 

The notorious Stuxnet malware, which is widely believed to have been developed by the US and Israel to target Iranian nuclear plants, managed to "badly" infect the internal network of a Russian nuclear power plant.

Eugene Kaspersky, founder of the Russian antivirus company Kaspersky, said a friend of his working at an unnamed nuclear plant told him that the plant's network, which is disconnected from the internet, was badly infected by Stuxnet.

"So unfortunately these people who were responsible for offensive technologies, they recognise cyber weapons as an opportunity." SC Magazine quoted Kaspersky as saying.

"All the data is stolen," Kaspersky said. "At least twice."

This is the first time Stuxnet has infected a major nuclear plant outside of its intended target in Iran.

Pakistan Army website and Facebook fan pages hacked by Indian Hacker


If you are a regular reader of EHN, you know that this is not the first time the Pakistan Army website has come under cyber attack. Once again, Indian hacker "Godzilla" breached the Pakistan Army website.

Speaking to E Hacking News, the hacker said that he hacked into "pakistanarmy.gov.pk" and left a malicious PDF file disguised as a magazine.


The admin clicked the PDF exploit, which resulted in his computer being infected with malware. It allowed the hacker to compromise the Facebook fan pages.

The following Facebook fan pages were deleted by the hacker: Pakistan Army Official Facebook Page (www.facebook.com/OfficialPakArmy), Pakistan Army Officers Club Facebook Page (www.facebook.com/fb.paoc), and Pakistan Army Fan Facebook Page (www.facebook.com/pakarmyfanpage).

He claimed the admin removed the login page of the CMS used by the website but failed to remove the backdoor.

"Now no more deals, if you can fire then we can bombard. You are punished for breaking ceasefire we are coming for you," the hacker stated as the reason for the cyber attack.

The website and Facebook pages have been recovered at the time of writing. It also appears the admin of the Facebook pages blocked India from accessing the pages.

You can find more proof and details about the hack here:
http://pastebin.com/3jkp6k2e