Hackers behind Canadian security intelligence service

In less than two weeks, the Canadian Security Intelligence Service (CSIS) website was temporarily down for the second time, on 29 June.

According to CTV News reports, the latest hit was a denial-of-service attack. Jean-Christophe de Le Rue, a spokesman for the ministry of public safety and emergency preparedness, said that the website was temporarily offline and that "no information has been breached. We are taking cyber security very seriously."

The report said, citing sources, that the person behind the latest attack has conducted several attacks on many Canadian municipal and police websites. A local news website reported that the responsibility for the attack was claimed by a person using the Twitter account @TWITRis4tards. However, authorities have not confirmed the identity of the hacker.

The main motive behind the attack is unknown, but it is suspected that the hacker tried to draw the attention of the authorities toward Bill C-51, which gave the Canadian government power to intervene and stop "violent Islamic jihadi terrorists" supporting the Islamic State group.

Many government websites, including ServiceCanada.gc.ca and Parl.gc.ca, were attacked, for which the Anonymous group claimed responsibility. However, sources told CTV News that this time the person was working alone, unlike previous attacks.

Penn State University Becomes Victim To Yet Another Cyberattack


Penn State announced that it has detected another cyber attack. The university has confirmed the recent attack on its College of Liberal Arts server.
Penn State has stated that several systems have been compromised in two cyberattacks by anonymous threat actors.

FireEye's cyber forensic unit, Mandiant, has taken over the case and has been investigating and analysing the attacks, which took place on the 4th of May. Seven weeks later, the university now states that no harm has occurred to personally identifiable information (PII) or any other research data, since it had introduced advanced cybersecurity measures after the attacks on the College of Engineering servers.

Mandiant’s spokesperson, Nick Pelletier, revealed that the first attack took place in 2014 within a 24-hour time period, while the latter breach was carried out from March to May 2015. Mandiant is not sure if the attackers are the same Chinese group that attacked engineering.

Nick Jones, vice-president of Penn State, said in an official statement that advanced monitoring systems have been introduced across the entire university network with the constant support of Mandiant, and that the attackers will soon be tracked down.

The attacks on the state university's systems have created a threat for federal systems. While no PII or research data was compromised, some college-issued usernames and passwords were stolen and accessed. As a result, all the compromised accounts are being renewed; more information is available at http://securepennstate.psu.edu.

LastPass network hacked, is your Password safe?


LastPass, a password manager that saves its users' passwords and gives them secure access to them from every computer and mobile device, has detected an intrusion on its network.

According to the official statement, information including users' email addresses, password reminders, server per-user salts, and authentication hashes was compromised.

“In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass users’ accounts were accessed,” the statement reads.

He added, “We are confident that our encryption measures are sufficient to protect the vast majority of users. It strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.”
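The layered hashing described in the statement can be sketched as follows. This is an added example, not LastPass's code: the client-side round count, the use of the email address as the client-side salt, and all function names are assumptions; only the random per-user salt and the 100,000 server-side PBKDF2-SHA256 rounds come from the statement.

```python
import hashlib
import hmac
import os

CLIENT_ROUNDS = 5_000      # assumption: the statement gives no client-side figure
SERVER_ROUNDS = 100_000    # from the statement quoted above


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side: stretch the master password before it leaves the device.

    Assumption: the normalised email address serves as the client-side salt.
    """
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, CLIENT_ROUNDS
    )


def server_enroll(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: add a random per-user salt and 100,000 more rounds.

    Only (salt, stored) is kept; this is the material exposed in a breach.
    """
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return salt, stored


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute the strengthened hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def iterations_per_guess() -> int:
    """PBKDF2 iterations needed to test ONE candidate master password
    against one stolen (salt, stored) pair."""
    return CLIENT_ROUNDS + SERVER_ROUNDS


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same password.
    password = "correct horse battery staple"
    for email in ("alice@example.com", "bob@example.com"):
        salt, stored = server_enroll(client_auth_hash(email, password))
        print(email, salt.hex(), stored.hex())
    print("iterations per offline guess:", iterations_per_guess())
```

Because each account has its own salt, identical master passwords produce unrelated stored hashes, so a guess has to be recomputed per account; the stretching slows each guess but does not protect a master password that is short or reused.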

In order to secure its data, the company is taking additional measures. It has asked all users who are logging in from a new device or IP address to first verify their account by email, unless they have multifactor authentication enabled.

According to the notice, emails have been sent to all users regarding the security incident.

“We are working to notify users as fast as possible,” Siegrist said.

Moreover, the company will also be prompting users to update their master password.

“However, if you have reused your master password on any other website, you should replace the passwords on those other websites,” he said.

Though the passwords stored in the vault are not said to be compromised, it is better to change those passwords as well. Don't give hackers a chance.

Algonquin College server hacked but no information stolen

The information of more than a thousand former students was put at risk when somebody hacked the servers of Algonquin College in Ottawa.

According to college authorities, 1,225 students in the Bachelor of Information Technology and Bachelor of Science in Nursing programs are affected by the data breach.

The college shut down the servers as soon as it became aware of the hack and claims that no data was transferred or taken from the servers.

A cyber team is determining how the attack could have happened and has said that it has found many more intruders in the system.

The college is covering the expenses for credit monitoring services for all those whose information was put at risk due to the hack.

Lithuanian Military Website hacked to post false information

If we had to believe what we saw on Lithuanian Armed Forces website on Thursday morning, then the North Atlantic Treaty Organization (NATO), an alliance of countries from North America and Europe committed to fulfilling the goals of the North Atlantic Treaty signed in 1949, is preparing for the annexation of Kaliningrad, Russia’s seaport city which is sandwiched between Poland to the south and Lithuania to the north and east.

However, Victoria Cemenite, spokesperson at the Lithuanian Defense Ministry, confirmed that the website had been hacked and that the false information has since been removed by the security experts from the National Cyber Security Centre.

An investigation has been launched.

The ministry said a private company, which provides the server for the Army website, is responsible for its maintenance and security.

The Baltic country's National Defence Minister, Juozas Olekas, says that the hacking attack was aimed at harming the reputation of Lithuania and NATO. Security measures will be taken to avoid vulnerabilities.

“We are carrying out an investigation to identify what measures are necessary to avoid such incidents in the future. The content was provocative and aimed at discrediting Lithuania and NATO,” Olekas told journalists on Thursday.

“It is undoubtedly an initiative of people or institutions unfriendly for Lithuania and NATO. Now, both the sides are improving, hackers and institutions in charge of cyber security. It will be a good lesson for future considerations of additional security measures.”

iiNet urges its Westnet users to change their password after an alleged hack of customer database


iiNet, Australia's second-largest internet service provider, has urged its more than 30,000 Westnet internet users to change their passwords after a hacker claimed to have gained access to the customer database and put it on sale.

According to a tweet posted by Cyber War News, the unknown hacker claimed to have obtained important customer details such as passwords, email addresses, telephone numbers etc.

He is now offering to ‘sell or trade’ Westnet's customer database.

However, he has not mentioned any rate for the information.

Matthew Toohey, chief information officer at iiNet, told Mashable Australia that the hack, which could be an unauthorized access to old customer information stored on a legacy Westnet system, was under investigation and had been reported to law enforcement agencies.

"iiNet takes the privacy and security of customer information extremely seriously," he said. "The 30,827 impacted customers are being contacted with a recommendation they change passwords associated with their accounts as this is the most effective way to ensure security. As a precaution, additional steps have been taken to increase the monitoring of impacted accounts."

The system is now offline.

Arizona’s department website shuts down after hacking attack


One after another, Middle East Cyber Army, a hacking group, is attacking government websites of various countries.

After Myanmar’s Ministry of Mines, the hacker group has hacked the website of Arizona’s Department of Weights and Measures. As a result, the website has been shut down for the last week.

The hackers left a message on the website, “Hacked by Middle East Cyber Army”, and slogans such as “In Allah we trust. For Allah we work. Death to Israel. Free Palestine. Jerusalem is ours”, along with a masked figure in front of the Dome of the Rock.

Andy Tobin, director at the department, confirmed that the department’s website was hacked on Sunday.

Today, the department’s website is still down for maintenance.

“The web-site you were attempting to access is currently undergoing maintenance activities. We apologize for the inconvenience. Please retry again later. Thank you for your patience,” the website read.

According to Tobin, soon after they got to know about the hacking attack, they shut down their website and database.

He said that the agency got its backup database running on Tuesday so its investigators can continue their work.

Tobin said the agency is investigating the matter collaborating with the Arizona Department of Administration. Similarly, they have also informed the U.S. Department of Homeland Security about the hacking attack.

The department is still trying to sort out the issue. It has yet to be determined whether the department will resume its website or shift its components over to the Arizona Department of Agriculture, which is scheduled to take over many of the department’s duties next year.

The hacking group has hacked many other websites. In December, the group hacked the website of a school district in Little Rock, Ark. It took over the website of the small Quebec town of Terrasse-Vaudreuil in January. Similarly, in May, it targeted Auckland University in New Zealand. And in April, it hacked Art and Sol, a Scottsdale-based performing arts program for children.

Pro Syrian group hacked US Army's official website

 
The US Army's official website was hacked by the "Syrian Electronic Army", which posted a message on its Twitter account criticizing the training of rebel fighters inside Syria.

According to the army officials, no personal or classified data has been stolen. The army has decided to temporarily shut down the website.

One of the messages reads, "Your commanders admit they are training the people they have sent you to die fighting."

This pro-Syrian group has been blamed for various hacking and denial-of-service attacks on numerous news media sites, including the Twitter account of AFP's photo service.

Army spokesman Brigadier General Malcolm Frost said in a statement, "Today an element of the Army.mil service provider's content was compromised. After this came to our attention, the Army took appropriate preventive measures to ensure there was no breach of Army data by taking down the website temporarily."

This is not the first time they have hacked a website; in 2013 they briefly created confusion in the stock market by putting out a fake media tweet falsely claiming the White House was under attack.

But officials said “It was possibly the first time a US military website had been penetrated, as previous hacking had targeted Twitter accounts.”

China blamed for Security breach at OPM, affects current and former federal employees


 
The computer system of the United States' Office of Personnel Management (OPM) was hacked by Chinese hackers. OPM will send notifications to approximately 4 million individuals whose personal data, including personally identifiable information (PII), may have been compromised.

OPM detected a cyber-intrusion affecting its information technology (IT) systems and data in April 2015. The hackers used the tougher security controls to intrude.

The U.S. Department of Homeland Security’s Computer Emergency Readiness Team (US-CERT) and the Federal Bureau of Investigation (FBI) are investigating the full impact to Federal personnel.

After the intrusion, additional network security precautions have been added by the OPM. These include: restricting remote access for network administrators and restricting network administration functions remotely; a review of all connections to ensure that only legitimate business connections have access to the internet; and deploying anti-malware software across the environment to protect and prevent the deployment or execution of tools that could compromise the network.

Credit monitoring, identity theft insurance and recovery services are offered by OPM to potentially affected individuals through CSID®, a company that specializes in these services.

“Protecting our Federal employee data from malicious cyber incidents is of the highest priority at OPM,” said OPM Director Katherine Archuleta. “We take very seriously our responsibility to secure the information stored in our systems, and in coordination with our agency partners, our experienced team is constantly identifying opportunities to further protect the data with which we are entrusted.”

This hack was the second major intrusion by China in less than a year, and the largest breach of federal employee data in recent years.

“China is everywhere,” said Austin Berglas, head of cyber investigations at K2 Intelligence and a former top cyber official at the FBI’s New York field office. “They’re looking to gain social and economic and political advantage over the United States in any way they can. The easiest way to do that is through theft of intellectual property and theft of sensitive information.”

Open garage doors within ten seconds with a hacked kid’s toy


Most of us may find it hard to believe that a hacked kid’s toy can open a garage door in less than ten seconds. However, a security researcher has discovered a new tool, which he dubbed OpenSesame, an app for hacked IM-ME texting toys that can open millions of fixed-code garage doors in less than a minute.

Samy Kamkar claims that the toy can open any garage door that uses an insecure “fixed code” system for its wireless communication with a remote.

The researcher reprogrammed a children’s toy designed for short-distance texting, the Radica Girl Tech IM-me.

Moreover, the toy (remote control) is in ‘pink’ color which is Kamkar’s favorite color.

With a fixed-code garage door opener, the remote control always transmits the same 8 to 12-bit binary code. For a 12-bit code, there are 4,096 possible combinations of 1s and 0s.

The fact that openers’ fixed codes can be cracked through brute force is a known issue, but doing so was believed to take longer. A typical clicker resends the same code 5 times, with a transmission time of 2 milliseconds per bit and an additional wait time of 2 milliseconds between each bit.

The researcher has calculated that iterating through all possible combinations for 8, 9, 10, 11 and 12-bit codes this way would take 29 minutes.

However, he found out that to re-transmit the same code 5 times is unnecessary. Once he removed all the unnecessary bits, the researcher noticed that the time needed to brute-force a fixed garage door opener code was reduced to 3 minutes.

To reduce the time further, Kamkar found that the opener checks the incoming bit stream in overlapping windows of n bits, where n is 8, 9, 10, 11 or 12 depending on which code length is expected. For example, if the expected length were 3 bits and the opener received the sequence 101011, it would first try 101, then 010, then 101 and so on.

As per his findings and based on the formula of Dutch mathematician Nicolaas Govert de Bruijn, Kamkar developed a De Bruijn sequence which includes each combination of bits only once.

“OpenSesame implements this algorithm to produce every possible overlapping sequence of 8-12 bits in the least amount of time,” Kamkar said. “How little time? 8.214 seconds.”
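The figures quoted above (29 minutes, 3 minutes, 8.214 seconds) can be reproduced from the article's own numbers, which shows how little protection a fixed code offers once the receiver compares overlapping windows. This is an added example, not Kamkar's code: it does arithmetic only and transmits nothing, the function names are hypothetical, and reading the 3-minute figure as "one send per code, no inter-bit wait" is an assumption.

```python
# Figures from the article: 2 ms per bit, 2 ms wait per bit, 5 repeats,
# code lengths of 8 to 12 bits.
BIT_MS = 2
WAIT_MS = 2
REPEATS = 5
CODE_LENGTHS = range(8, 13)


def windows(bits, n):
    """Overlapping n-bit windows a shift-register receiver would compare."""
    return [bits[i:i + n] for i in range(len(bits) - n + 1)]


def de_bruijn_bits(n):
    """Binary De Bruijn sequence B(2, n), unrolled so it reads linearly.

    Textbook construction: concatenate, in order, the Lyndon words whose
    length divides n. The first n-1 bits are appended so that the windows
    wrapping around the cyclic sequence also appear.
    """
    a = [0] * (n + 1)
    out = []

    def db(t, p):
        if t > n:
            if n % p == 0:
                out.extend(a[1:p + 1])
            return
        a[t] = a[t - p]
        db(t + 1, p)
        for j in range(a[t - p] + 1, 2):
            a[t] = j
            db(t + 1, t)

    db(1, 1)
    cyclic = "".join(map(str, out))
    return cyclic + cyclic[:n - 1]


def exhaustive_bits():
    """Bits needed to send every 8..12-bit code one after another."""
    return sum((2 ** n) * n for n in CODE_LENGTHS)


def covers_all_codes(seq, n):
    """True if every possible n-bit code occurs as a window of seq."""
    return len(set(windows(seq, n))) == 2 ** n


def timings_ms():
    total = exhaustive_bits()
    seq = de_bruijn_bits(12)
    return {
        # every code, sent 5 times, with the wait after each bit
        "repeats_and_wait": total * (BIT_MS + WAIT_MS) * REPEATS,
        # assumption: one send per code and no inter-bit wait
        "single_send_no_wait": total * BIT_MS,
        # one 12-bit De Bruijn sequence covers the 8..11-bit codes as well
        "de_bruijn": len(seq) * BIT_MS,
    }


if __name__ == "__main__":
    print(windows("101011", 3))          # the article's 3-bit illustration
    for name, ms in timings_ms().items():
        print(f"{name}: {ms / 1000:.3f} s")
    seq = de_bruijn_bits(12)
    print(all(covers_all_codes(seq, n) for n in CODE_LENGTHS))
```

The 12-bit keyspace plus window-by-window matching is what makes the search this short; the openers the article goes on to describe as not vulnerable do not rely on a fixed code.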

However, newer types of garage door openers use Intellicode and are not vulnerable to the attack.

“Vulnerable products are still sold by some manufacturers and many discontinued ones are likely still in use,” the researcher said.

There is proof-of-concept code for his attack which he published on GitHub, but the code is intentionally incomplete to avoid abuse by criminals.

“It almost works, but just not quite, and is released to educate,” he said. “If you are an expert in RF and microcontrollers, you could fix it, but then you wouldn’t need my help in the first place, would you.”

Japan Pension System hacked, millions of personal data leaked

 The personal data of more than one million Japanese citizens have been obtained by hackers, Japan Pension Service (JPS), an organization which manages Japan’s universal public pension system, said on Monday.

Toichiro Mizushima, president of Japan Pension System, said at a news conference that the Japan Pension Service staff computers were accessed by an external email virus, which led to the leak of almost 1.25 million cases of personal data.

During the conference, he apologized for the leak. He said that the combinations of names, identification numbers, birth dates and addresses of the Japanese citizens had been compromised.

“The organization is setting up a team to investigate the cause and prevent a recurrence,” Mizushima said.

According to a news report broadcast on NHK public television, Abe said, "These are the people's vital pensions. I have instructed Health and Welfare Minister (Yasuhisa) Shiozaki to consider the pension recipients and do everything possible."

Shiozaki also apologized in the conference for failing to protect the personal data from the hackers. He had instructed the Japan Pension Service to set top priority on protecting the public's pensions.

Copart.com hacked, requests all members to change passwords


Copart, a Texas-based company which provides online vehicle auction and remarketing services, is urging its members to change the password for their Copart.com account after the company discovered that an unauthorized person gained access to its computer network.


“As part of our efforts to address the problem, Copart is requiring all members to change the password for their Copart.com account,” Sean Eldridge, senior vice-president & chief operating officer at Copart, wrote in a letter.


“If you have not already recently been required to reset your password, simply sign into your Copart account and go to the Change Password option under the My Account tab. Also, if you use the same username and password for any other account, we recommend that you change your password there as well,” he added.

On 31 March 2015, when the company identified that the unauthorized person had accessed its network, it immediately worked to block any further unauthorized access.

A leading cyber-security firm has been hired for the investigation. It is helping the company determine what happened to the company’s system and assisting in implementing enhanced security measures.

“Based on the investigation, we determined that the unauthorized person may have accessed the member’s name, address, driver’s license number, telephone number, e-mail address, and the username and password for their Copart.com account,” said Eldridge.

As a protective measure, the company has recommended that its members remain vigilant by reviewing their account statements and credit reports for any unauthorized activity.

Similarly, members can also get a copy of their credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies: Equifax, Experian and TransUnion.

According to the letter, to order the free credit report, members should visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.

Eldridge said that any member who believes that his/her personal information has been misused should immediately contact the Federal Trade Commission and/or the attorney general’s office in his/her home state.

Indian online music streaming service Gaana website hacked by Pakistani hackers


The website of Indian online music streaming service Gaana has been hacked by Mak Man, a hacker based in Lahore, Pakistan. The hacked database contains more than 12.5 million registered users.

The hacker posted a searchable link to the database on his Facebook account. On entering a user’s email address, the database returns their full name, email address, MD5-hashed password, date of birth, Facebook and Twitter profiles and more.

The company issued guidelines advising its users to deactivate their account until the issue is resolved, and to change their email, Facebook and Twitter passwords right away if they are the same as on Gaana, because changing the password on the Gaana website won’t help, as it gets updated in the database.

Times Internet CEO Satyan Gajwani tweeted that only login credentials were accessed and no financial or sensitive personal data was leaked.

The hacker has removed the exposed database at Gajwani’s request, and all Gaana users’ passwords have been reset.

Top secret Saudi documents hacked and released to public

A group of hackers from Yemen has put out a message saying that they have hacked the servers of Saudi Arabia's Interior, Defense and Foreign ministries and gained access to thousands of top secret documents.

"We have gained access to the Saudi Ministry of Foreign Affairs (MOFA) network and have full control over more than 3000 computers and servers, and thousands of users. We also have access to the emails, personal and secret information of hundreds of thousands of their staff and diplomats in different missions around the world," the Yemen Cyber Army (the hackers) said in a statement which has been published on many hacking related websites.

The group has published some of the documents online and has threatened the Saudi government that it would inflict greater damage by releasing more documents, archived since the 1980s.

The group has said that it will wipe the servers of the Foreign Ministry of Saudi Arabia at midnight on Wednesday.

The Yemen Cyber Army has been previously known for hacking AlHayat.com.

Bettys Tea Rooms firm’s website hacked


The Bettys Tea Rooms firm’s website was hacked on Wednesday, affecting more than 120,000 customers.

In a statement released by the company, they apologized, and blamed "industry-wide software weakness" for the data breach.

The hackers gained access to the firm’s website database, and stole the personal details of the customers which includes their names, email addresses, postal addresses, encrypted passwords and telephone numbers.

"We would like to stress that your credit or debit card details have not been copied as this information is stored on a completely separate system managed by a certified third party. Bettys takes customer confidentiality extremely seriously and, whilst customer passwords were encrypted, it is important that you change your password as soon as possible by clicking this link or entering www.bettys.co.uk into your browser," Bettys said.

They also advised their customers not to respond to any phone or email communication regarding their personal and financial information.

"To be clear, Bettys will never contact you and ask you to share any personal financial information," the tea shop chain said.

A gang of old ladies named 'Northern N00bz' is suspected to be behind the data breach. To take revenge for some disservice, they acquired some coding skills. A full investigation is going on.

Distributed Denial of Service (DDoS) attacks

A well-known Indian security news portal was targeted on the morning of May 21st by a DDoS attack. Two hours before the attack, the company tweeted "NSA planned to hijack Google App Store and plant malware on all Android Apps" and provided a news link. Whether the DDoS attack and this tweet are connected is an interesting speculation.

But the larger and more critical question is the vulnerability of digital assets. One would naturally assume that they had a robust defensive strategy in place. But, the DDoS attack which has brought down the portal suggests otherwise.

There has been a series of hacks and DDoS attacks on major corporate, telecommunication and net banking portals.

“Today the digital assets of a knowledge or service based company have more value than its tangible physical assets. It’s imperative that they think beyond ready made security tools from the market and move towards employing security professionals who can provide customized security audit,” says J. Prasanna of Cyber Security and Privacy Foundation.

"Even going to the police will be of not much help since these attacks are sophisticated and originate from different geographies. Very few have the forensics capability to make a credible case in a court," says SreeRam, the Police KravMaga instructor who is also part of a Singapore-based security company.

Both agree that … “with India's increasing clout in world trade and balance of power tilting gradually towards Asia, asymmetric warfare tactics like cyber terrorism will be relied more frequently to dent the credibility of the nation. As on date, India does not seem to have the aggressive posture as a deterrent.”

Telstra reveals security breach in Pacnet's IT network

Australia’s biggest telecoms company, Telstra, revealed that the corporate IT network of Pacnet, the company it acquired on April 16 this year, has been hacked.

This breach came to light shortly after Telstra finished the acquisition of Pacnet Limited, a Singapore and Hong Kong based telecommunications provider that offers data center services to multinational companies and governments in the Asia-Pacific region.


The telecom company said that investigations have revealed that a third party had accessed Pacnet’s corporate network through a SQL vulnerability, which led to the compromise of admin and user credentials.

“We immediately addressed the security vulnerability that allowed access to the network, removed all known malicious software and put in place additional monitoring and incident response capabilities that we routinely apply to all our networks,” said Mike Burgess, Chief Information Security Officer, Corporate Security and Investigations at Telstra, in an announcement.

Telstra also clarified that the Pacnet corporate IT network is not connected to Telstra's own and that there has been no proof of any activity on Telstra’s network.

"We have had no contact from the perpetrators so we don't know the reason behind it or who was involved," said Burgess.

The telecom company has stated that it will now talk to its customers to make them aware of what exactly happened in the breach and how the company is responding to it.

FBI investigating e-billboard hacking

The FBI has been called into action after an electronic billboard was hacked on Peachtree Road in Atlanta, according to a local report.

While driving down the road on Saturday, commuters saw the image of a man exposing himself, on the billboard. One of the drivers was so disgusted that she called 911 to report the matter.

The owner of the billboard cut the power to it as a temporary measure to bring down the image. Security experts told Channel 2 that hacking into electronic billboards is often as easy as learning a password and does not require too much effort.

The FBI is currently looking into all the servers that could have been used to hack the billboard.

EllisLab urges its users to change their password after hack

EllisLab, a software development company, has urged all its users to change their password after hackers managed to gain unauthorized access to its servers on March 24 this year.

According to the company’s statement, it has asked people registered at EllisLab to change their EllisLab.com password, in a bid to stay safe from the hackers, who might have stolen members’ personal information.

The company said that the new users can also remove their account from the site. This is a must if anyone has sent his/her password via plaintext email instead of using the company’s secure form.

As the company form encrypts the passwords and removes them after 30 days, it is believed that those encrypted passwords would only be available to the hackers if anyone submitted it after February 24, 2015.

Similarly, if people have used their EllisLab.com’s password on other sites, they should change those too.

The company asked people to change the passwords periodically, and enable two-factor authentication whenever available. It also recommends tools which simplify the creation and use of unique passwords.

It is said that the hackers used a Super Admin’s stolen password to log in to the company’s site. The hacker then uploaded a common PHP backdoor script (a WSO Web Shell variant) that allowed them to control the company’s server. 

The company wrote that Nexcess hosting prevented the "privilege escalation" attempt. After alerts about the malicious activity were received, the unauthorized access was shut down at the firewall level.

The company also thanked Nexcess in its blog post for their alertness and speed.
The officials then started dissecting the server logs to retrace the hackers’ steps and learn how they got access. They wrote that they had gone through all their files to remove what the attackers had added.

The attackers had access to the server for three hours. Although the evidence does not show any theft of the database, the company prefers to be cautious and assume the hackers had access to everything.

After hack, Costa Coffee temporarily disabled its online Club Card accounts

 

Costa Coffee, which runs a chain of coffee shops, has removed the ability to access Coffee Club Card accounts online after unusual activity was detected on its Coffee Club Card members' accounts.

Costa Coffee informed its Coffee Club Card members via e-mail that its loyalty scheme, under which people get 5p of credit for every pound spent in the store and unlimited free Wi-Fi, got hacked.

It said that unusual activity was noticed on about 1 in every 5000 accounts (0.02%).

According to the E-mail, Costa Coffee had conducted a full security review and temporarily disabled its online Club Card account. As a result, people cannot change their password as of now.

The E-mail said that the company has already contacted those customers whose accounts have been affected. Along with that, the officials are resetting account passwords of every Coffee Club member as an additional precaution.

The account password will be reset in the next few days. They will confirm via email once the procedure gets completed.

Moreover, Costa Coffee is all set to introduce a new format for password to further optimise security and protect public Coffee Club points.

The E-mail said, “We apologise for any inconvenience this causes but it’s very important to us that your points and registration details remain safe. We thank you for your patience.”

While opening an account on Costa Coffee Club, it will ask for name, email, birthday, phone number, physical address and password.

The officials suggested that the password must be between 8 and 15 characters and include at least 1 uppercase letter, 1 lowercase letter, and 1 number. They suggested that people should avoid common words while choosing passwords.