Hacker from the "Lurk" group who claims to have hacked Hillary Clinton's emails also stole from LDPR members' accounts

Konstantin Kozlovsky, 30, one of the leaders of the Russian hacking group "Lurk", who claimed to have hacked into Hillary Clinton's emails, is also said to have stolen money from several prominent members of the Liberal Democratic Party of Russia (LDPR), according to local media.

According to documents provided by one of the defense lawyers, the group stole 4 million RUB (about 4.3 million INR) from Vladimir Zhirinovsky, 99 million RUB (about 107 million INR) from Igor Lebedev (son of Vladimir Zhirinovsky), and 1.7 million EUR (about 135 million INR) from Vadim Dengin.

The group was detained by the FSB in June 2016 and accused of carrying out cyber attacks on Russian banks and stealing about 3 billion RUB (3.2 billion INR).

In 2017, Kozlovsky claimed responsibility for hacking into Hillary Clinton's email accounts, the servers of the Democratic National Committee of the United States, and US military enterprises.

He claimed that he was recruited by the FSB in 2008 and had carried out cyber attacks for it over a long period. He also said that his supervisor was FSB Major Dmitry Dokuchaev.

"At the end of December 2017, the media reported that Dokuchaev, as well as a number of FSB officers, including Sergei Mikhailov, former head of the second directorate of the FSB Information Security Center, had themselves come under investigation in connection with the leak of information about the hacking of the US Democratic Party's servers," local media report.

However, representatives of the Ural divisions of the FSB expressed confidence that all statements made on Kozlovsky's behalf are nothing more than an "attempt to draw attention to his criminal case" and, possibly, to seek political asylum later.

Hackers threaten to disrupt Moscow Domodedovo Airport navigation systems unless they receive a Bitcoin ransom

Unknown hackers have demanded several hundred Bitcoins from the administration of Domodedovo Airport (Moscow International Airport), threatening otherwise to interfere with the airport's navigation systems.

According to airport staff, the attackers sent a threatening e-mail to the Domodedovo contact centre, saying they would disrupt the airport's navigation equipment over the weekend of July 28-29.

The hackers claimed that they have the technical capability to do so.

Should people be worried? Vladimir Ulyanov, head of the analytical centre at Zecurion, believes there is reason for concern only if the criminals have an accomplice inside Domodedovo.

A person sitting in another country, or elsewhere in this one, cannot simply hack into these systems over the Internet, says Ulyanov.

"In this case, the threats were sent to a general mailbox. If we were talking about a serious attack, the letter would most likely have gone to the person responsible for information security, or to someone who can decide whether to pay the ransom," local media quoted Ulyanov as saying.

The airport administration has tightened security measures at the terminals and airfields.

Domodedovo safety officials confirmed reports of an anonymous threatening e-mail and stressed that the functioning of the airport is not under threat.

- Christina

Elliot Alderson (FSociety) hacks BSNL

Elliot Alderson has published information on vulnerabilities he found in BSNL's systems, releasing it from his Twitter handle "fs0c131y".

He appears to have found multiple vulnerabilities, including SQL injection, ransomware infections on two servers and broken authentication. He claims some of these vulnerabilities were reported by another hacker in India two years ago and that BSNL did not respond.

It is unclear whether that hacker passed some of the vulnerabilities on to "Elliot Alderson".

According to the hacker, "You will find multiple issues of different levels of severity. All these issues have been reported to BSNL via Twitter. I discussed them with @BSNLCorporate and a member of their IT team. They acknowledged the issues and fixed them".

It is worth noting that BSNL talked to the hacker, worked on the issues and patched, fixed or took down some of the affected sites. Most of the vulnerabilities have been addressed. Contrary to the claims, BSNL's response has been proactive.

The same hacker had earlier identified vulnerabilities in multiple websites, including those of the Indian Express, Aadhaar, Punjab Police and Bangalore Police.

It is unclear whether law enforcement agencies have registered cases to pursue the hackers.

"Law enforcement agencies can take action if the affected parties register a complaint," says a senior law enforcement officer.

According to a Mumbai-based IT security company, "we believe the intrusions are from hackers in India (who may have used VPN and Tor to hide their identity). If the hackers only wanted to expose vulnerabilities, they should work with a penetration testing company that is CERT-In empanelled. They would earn from this exercise".

Another IT security company, which has worked in information security for close to 20 years, says, "This is the work of a script kiddie. BSNL's security was like 0/10 and this guy's skill is 1/10."

Website of Chelyabinsk court hit by data-encrypting malware

Attackers hacked into the website of the Arbitration Court of Chelyabinsk (a federal subject of Russia on the border of Europe and Asia) and infected the server with data-encrypting malware.

The malware encrypted the information and files on the server. The incident took place on 4 October. By 10 October, experts had managed to restore the website from a previously saved backup.

However, the court lost all the information published on its website this year, as the last backup had been taken in January. Online resources including news, charts, conference videos, and information about the bureau and judicial appointments were irretrievably lost.

According to the local report, the court is still trying to recover the information from its own sources. There is no detailed information about the malware variant used in the attack.

- Christina

Hackers deface the website of the Ministry of Justice of Uzbekistan

On November 20, the websites of several organisations, including government websites, were hit by a cyber attack.

A hacker from Bangladesh who goes by the online handle "Skidie KhaN", a member of the hacking group "Cyber Command0s (#Team_CC)", modified the main page of the Ministry of Justice website. According to the local report, the defacement message said the website had been hacked by "Skidie KhaN".

In addition, the websites of the Ministry of Internal Affairs, the Ministry of Defense, the Attorney General's Office and the Ministry of the Economy also came under attack.

The Information Security Center of Uzbekistan declined to comment on the situation.

The consequences of the cyber attacks on the websites of several Uzbek government agencies are said to have been eliminated. The government is currently working to establish the causes and on methods to thwart future attacks.

In September, the same attacker hacked many government websites in Myanmar.

- Christina


Kazakhstan Banks hit by massive DDoS attack

According to local media, several banks in the country have faced massive DDoS (Distributed Denial of Service) attacks over the past few days.

The attack traffic came from several countries at the same time. As a result, bank websites were unavailable for a period. One of the affected services is Homebank, whose statement was posted on Qazkom's Facebook page.

"The bank's specialists yesterday recorded a large-scale DDoS attack in the form of false requests sent simultaneously from a huge number of IP addresses, which blocked the operation of the portal," Homebank posted on Qazkom's Facebook page.

"To ensure the protection of the site and your accounts, the bank's specialists are taking the necessary technical measures to neutralise the actions of the hackers, so we apologise if there are delays in conducting operations or the site is temporarily unavailable." The bank apologised for the inconvenience.

Kaspi Bank said that its servers and services were not affected by the attack, and that it is actively monitoring and working to prevent such attacks. Other banks, including Halyk Bank (People's Bank), also said their servers were not affected.

Just a few days earlier, the National Security Committee of Kazakhstan (KNB) stated that banks hide information about hacker attacks to protect their reputation. In 2017, six banks suffered phishing attacks, and only one of them asked the KNB for help.

- Christina

Ministry of External Affairs thanks hacker for Inputs on Vulnerabilities

Kapustkiy, the hacker who hacked into seven Indian embassies and also into the Indian Embassy in New York, wrote to E Hacking News. In an exclusive e-mail he says he was surprised when a senior Indian government official sent him an e-mail.

Kapustkiy claims "They have started to fix everything one by one" and thanks all media for their support. He says he had no malicious intent and only wanted to show that the vulnerabilities existed; he resorted to posting on Pastebin only because embassy officials did not respond to him.

Kapustkiy sent E Hacking News a screenshot of the e-mail he received from a joint secretary in the MEA. The senior MEA official appreciated Kapustkiy's efforts in bringing the vulnerabilities to light and requested that the hacker not post further hacks on Pastebin.

Kapustkiy was pleasantly surprised by the e-mail from the Ministry of External Affairs.

"Corporate India should learn from this incident, how the Government of India has responded to such an incident, where they appreciate the hacker and take steps to fix the vulnerabilities. Most Indian corporates cover up security breaches in India; maybe they should take a page from the Indian Government," says J Prasanna, Director, Cyber Security and Privacy Foundation Pte Ltd.

Seven websites of Indian Embassy hacked, database leaked

Seven domains of Indian embassies in Europe and Africa have been hacked and their data published by Kapustkiy & Kasimierz L on (

The affected Indian embassies are in South Africa, Libya, Italy, Switzerland, Malawi, Mali and Romania.

The Indian Embassy in South Africa ( was the first to be hacked. The hackers published the admin login details and password, and beyond that the whole database, containing names, passport numbers, e-mail IDs and phone numbers. The published data contains 161 entries across 22 tables.

The Indian Embassy in Bern was the second target ( and its three databases, with 19 tables and 35 entries in total, plus login details with passwords, were published. The compromised data includes first name, last name, e-mail ID, address, college and the course in which students are enrolled.

The third country affected is Italy. The hackers dumped three databases with 149 entries, including names, e-mail IDs, telephone numbers and passport numbers. Here, too, those affected are students.

In Libya, three of the Indian embassy's databases were also dumped, with 24 tables and 305 entries, while the High Commission in Mali was the least affected, with 16 tables and 14 entries.

The dumped database of the Indian Embassy in Malawi contains 74 entries in 16 tables, including names, e-mail IDs and mothers' names. The embassy in Romania saw two databases dumped, with 139 and 42 entries respectively, including passport numbers.

When E Hacking News contacted the hacker, he clarified: "I am from the Netherlands. I've found several SQL [injections] on their website and I reported it. But they ignored me so I dumped their db," says the hacker by e-mail.

27 million Mate1 accounts hacked and sold

If you have an account on the online dating website Mate1, there is a very high probability that it has been compromised.

A hacker has claimed to have accessed the usernames, passwords and e-mail addresses of 27 million people, posting about it on the Hell forum.

According to Motherboard (Vice), which first reported the hack, the hacker obtained the account details of more than 27 million users and sold them to someone else through a deal brokered on the Hell forum.

The hacker told Motherboard that he managed to compromise the server and used command-line access to look at the MySQL database and download parts of it.

He added that the dating site has a lax security flaw that lets users log in to the website without verifying their e-mail address to complete the sign-up process, which means you simply log on and create an account with an e-mail address that belongs to you or to someone else.

The hacker also said that Mate1 stores passwords without any hashing or encryption, so if you have forgotten your password, it will be sent to the corresponding e-mail address in plain text.
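The two weaknesses described above (accounts usable before the e-mail address is verified, and passwords stored in a form that can be mailed back) both have standard fixes. The following is an added example, not Mate1's code: passwords are stored as salted PBKDF2 hashes, an account cannot log in until a one-time verification token from the e-mail has been redeemed, and a forgotten password produces a one-time reset link rather than the password itself. The storage format, token handling and the in-memory `outbox` standing in for a mail sender are assumptions made for the demonstration.

```python
# Added example (not Mate1's code): password storage and account flows that
# avoid the two weaknesses in the article. Storage format, token handling and
# the in-memory "outbox" mail sender are assumptions for the demo.
import hashlib
import hmac
import os
import secrets
from typing import Dict, List, Optional, Tuple

ITERATIONS = 200_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware allows


def hash_password(password: str) -> str:
    """Salted, iterated hash. The plaintext is never stored anywhere."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time compare


def _token_id(token: str) -> str:
    """Only a hash of each one-time token is stored, so a database leak
    does not hand out usable verification or reset links."""
    return hashlib.sha256(token.encode()).hexdigest()


class Accounts:
    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}
        self.outbox: List[Tuple[str, str]] = []    # stands in for the mail sender
        self.pending_verify: Dict[str, str] = {}   # token hash -> e-mail
        self.pending_reset: Dict[str, str] = {}    # token hash -> e-mail

    def sign_up(self, email: str, password: str) -> str:
        token = secrets.token_urlsafe(32)
        self.users[email] = {"pw": hash_password(password), "verified": False}
        self.pending_verify[_token_id(token)] = email
        self.outbox.append((email, f"verify:{token}"))
        return token  # returned only so the demo can simulate clicking the link

    def confirm_email(self, token: str) -> bool:
        email = self.pending_verify.pop(_token_id(token), None)
        if email is None:
            return False
        self.users[email]["verified"] = True
        return True

    def login(self, email: str, password: str) -> bool:
        user = self.users.get(email)
        # An unverified account is unusable. This is the check the article says
        # Mate1 skipped, which let anyone register with someone else's address.
        if user is None or not user["verified"]:
            return False
        return verify_password(password, user["pw"])

    def request_reset(self, email: str) -> Optional[str]:
        """Mails a one-time reset link. There is no plaintext password to send."""
        if email not in self.users:
            # A real HTTP handler answers identically either way, so the
            # endpoint cannot be used to enumerate registered addresses.
            return None
        token = secrets.token_urlsafe(32)
        self.pending_reset[_token_id(token)] = email
        self.outbox.append((email, f"reset:{token}"))
        return token  # again, returned only to simulate the e-mail

    def complete_reset(self, token: str, new_password: str) -> bool:
        email = self.pending_reset.pop(_token_id(token), None)
        if email is None:
            return False
        self.users[email]["pw"] = hash_password(new_password)
        return True
```

In a real service the tokens would also carry an expiry, and the reset and verification handlers would be rate-limited; the example keeps the flows minimal so that the contrast with the behaviour described above (password mailed back in clear, no verification before login) is visible.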

It is not clear how much the hacker eventually sold the data for, although he was offering it 

Hackers hold a Hollywood hospital to ransom

Hackers who attacked the computers of Hollywood Presbyterian Medical Center are demanding a ransom of 9,000 bitcoins to remove the ransomware that has held the hospital's computers hostage for a week, preventing staff from accessing essential data such as patient files and test results.

The issue came to the fore when the hospital's president and CEO, Allen Stefanek, told NBC Los Angeles that the hospital's computer network had been suffering IT problems since February 5, severely disrupting day-to-day activities and forcing the hospital to turn away new patients.

Staff are using fax machines and telephones to communicate between departments, as they have no access to e-mail. Doctors are also unable to access patient information, including past medical records, records of newly admitted patients and medical test results.

Registrations and medical records are being logged on paper, and staff have been instructed to leave their systems offline until told otherwise.

The malware has caused chaos within the hospital: some outpatients are missing their treatments, while new patients are being transferred to other hospitals.

Although no patient information is reported to have been compromised, the hospital has brought in the Los Angeles Police Department (LAPD) and the Federal Bureau of Investigation (FBI) to trace the identity of the attackers so that it does not lose more.

In earlier attacks on hospitals, hackers generally focused on stealing personal data, but nothing of the sort happened here; this attack looks more like an attempt to extract a big payout.

A bitcoin presently costs about $397.07, making the ransom demand worth about $3,573,630.
It has not been made clear whether the hospital plans to pay the ransom if no other solution to the attack is found.

Critical data needs to be kept in backups that are offline, such as tape, as these attacks are becoming more common by the day.

Flaw in Westermo Industrial Switches puts customer devices at risk

The US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed last week that Westermo industrial Ethernet switches use secure sockets layer (SSL) private keys that are hardcoded and shared across devices.

The Sweden-based company Westermo supplies data communications equipment designed for harsh industrial environments. Its products are used worldwide in sectors such as transport, water, energy, mining and petrochemicals.

ICS-CERT warned that because the same SSL key is present on every device, a malicious actor who obtains it from one device can intercept and decrypt the communications of any other device that uses it via a man-in-the-middle (MitM) attack, and can use the recovered information to gain unauthorised access to a vulnerable device.

Even a low-skilled attacker can exploit the flaw if they manage to position themselves for a MitM attack against devices running WeOS version 4.18 or earlier; WeOS is the operating system that powers Westermo's hardware platforms.

The affected product families are Falcon, Wolverine, Lynx, Viper and RedFox.

Westermo is working on a permanent fix, an automated function for changing the key, which will be included in WeOS 4.19. For now the vendor has released an update that lets users replace the problematic certificate through the web interface of the affected devices.

In the meantime, users have been advised to update WeOS to the latest version and upload a custom certificate by following the vendor's instructions.

The company has also warned customers to avoid self-signed certificates and either disable web access to the devices entirely or limit it to secure networks.
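The practical question for an operator is whether the replacement actually happened on every unit. The following is an added example, not Westermo's or ICS-CERT's code: it fetches the TLS certificate each device presents on its web interface and reports any certificate that more than one device serves, since identical certificates mean identical private keys, which is exactly the condition described above. The hostnames, the assumption that the interface listens on port 443, and the `FAKE_FLEET` data (PEM wrappers around arbitrary bytes, so that the check runs offline) are all constructed for the demonstration.

```python
# Added example, not Westermo's or ICS-CERT's code: flag any TLS certificate
# presented by more than one device in a fleet. Hostnames, the port and the
# FAKE_FLEET data are assumptions/constructed so the check runs offline.
import base64
import hashlib
import ssl
from collections import defaultdict
from typing import Callable, Dict, Iterable, List


def fetch_cert_pem(host: str, port: int = 443) -> str:
    """Live fetcher for real use: the leaf certificate the device presents."""
    return ssl.get_server_certificate((host, port))


def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, the same value that
    `openssl x509 -fingerprint -sha256` prints."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def find_shared_certs(hosts: Iterable[str],
                      fetch: Callable[[str], str] = fetch_cert_pem
                      ) -> Dict[str, List[str]]:
    """Map fingerprint -> hosts, keeping only fingerprints seen on 2+ devices."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for host in hosts:
        try:
            seen[cert_fingerprint(fetch(host))].append(host)
        except (OSError, ValueError) as exc:  # unreachable host or non-PEM reply
            print(f"skip {host}: {exc}")
    return {fp: hs for fp, hs in seen.items() if len(hs) > 1}


# --- constructed offline data: PEM framing around arbitrary bytes -----------
def _fake_pem(body: bytes) -> str:
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(body).decode()
            + "-----END CERTIFICATE-----\n")


FAKE_FLEET: Dict[str, str] = {
    "switch-a.example": _fake_pem(b"factory default certificate"),
    "switch-b.example": _fake_pem(b"factory default certificate"),  # not replaced
    "switch-c.example": _fake_pem(b"unique certificate installed by operator"),
}


def check_fake_fleet() -> Dict[str, List[str]]:
    """Run the check against the constructed fleet instead of the network."""
    return find_shared_certs(FAKE_FLEET, fetch=FAKE_FLEET.__getitem__)


if __name__ == "__main__":
    for fp, hosts in check_fake_fleet().items():
        print(f"shared certificate {fp[:16]}... on {', '.join(hosts)}")
```

Two caveats. The check compares whole certificates; two devices could present different certificates built around the same key pair, and catching that requires parsing the certificates and comparing the public keys, which the standard library does not do. And `ssl.get_server_certificate` does not verify the chain, which is what you want when talking to a device that still has a self-signed certificate, but it also means the fetch itself is exposed to the same MitM the advisory describes, so run it from the management network, not across an untrusted link.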

FireEye Patches Critical Flaw Found by Google Researchers

FireEye has rushed to patch a serious vulnerability identified in its products by researchers at Google’s Project Zero.

Project Zero researchers Tavis Ormandy and Natalie Silvanovich announced on Friday evening that they had developed a reliable exploit for a remote code execution (RCE) vulnerability affecting FireEye’s Malware Protection System (MPS). The experts haven’t provided any technical details, but Ormandy noted on Twitter that the bug likely affected “every version ever shipped.”

FireEye told SecurityWeek that the RCE vulnerability affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.

“FireEye had been engaged with and was supporting the Google Project Zero team prior to this discovery around the testing of our products. Due to the severity of the vulnerability discovered, we released an automated remediation to customers just 6 hours after notification, mitigating any customer exposure by Saturday morning,” FireEye spokesman Kyrksen Storer said in an emailed statement.

“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.

This was not the first time researchers reported finding vulnerabilities in FireEye products. In September, FireEye patched several vulnerabilities discovered by Kristian Erik Hermansen and Ron Perris. Hermansen disclosed the details of a flaw before the security firm could release a fix, claiming that he had reported the issue 18 months prior to its public disclosure.

In September, FireEye also resolved five vulnerabilities reported by German security firm ERNW. The issues – which included command injection, code execution, privilege escalation and memory corruption vulnerabilities – affected NX, EX, AX, FX, HX (Endpoint Security) and CM (Central Management) products.

FireEye’s support site currently lists nearly a dozen advisories describing vulnerabilities affecting the company’s products. The list does not include an advisory for the latest flaw reported by Ormandy.

FireEye is not the only security company whose products have been analyzed by the Google researcher. In September, Ormandy reported serious vulnerabilities in products from Kaspersky Lab.

source: Security Week

Data hacked at UK pub chain JD Wetherspoon

The latest firm to be hit by a cyber attack is the UK pub chain JD Wetherspoon. The website of one of Britain's biggest pub companies has been hacked, leading to a breach of customers' personal details.

The breach exposed the names, e-mail addresses and dates of birth of 650,000 customers, as well as partial card details of 100 others.

The company statement said: "These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database."

Wetherspoon said that the breach occurred in June but was only discovered recently.
The company has alerted customers by e-mail and informed the Information Commissioner's Office in the UK.

In a letter to customers, chief executive John Hutson said the company had taken all necessary measures to make the website safe again. A forensic investigation into the breach is continuing.

Customers have been advised to remain vigilant for unexpected e-mails asking for personal information, and for messages asking them to click on links or download files.

Hutson added, "We apologize wholeheartedly to customers and staff who have been affected. Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”

VTech hacked, customers' information accessed by intruders

Whether hackers find children's toys easy to hack or simply like them, they have been targeting such products again and again.

Recently VTech, the Hong Kong-based global supplier of electronic learning products for infants through preschoolers and the world's largest manufacturer of cordless phones, disclosed that its app store database had been breached through "unauthorized access".

Customers download games, e-books and other content to their VTech devices from that app store.

The company disclosed in a post on November 27 that the names, home and e-mail addresses, security questions and answers, and other information of millions of families had been taken from its database on November 14.

“An unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products,” the firm wrote in the post.

However, the firm has not given the exact number of victims.

After discovering the unauthorized access, the company began an investigation, which involved a comprehensive check of the affected site and the implementation of measures to defend against further attacks.

“Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history,” it added.

The company clarified that the database does not contain any customer credit card information.

“VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway,” the post read.

Furthermore, the customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).

The investigation is still going on. The firm is looking for additional ways to strengthen Learning Lodge database security. 

Mr. Grey back again: theft of 1.2 billion log-in credentials

Mr. Grey, not again! A Reuters report has confirmed the hacker Mr. Grey's involvement in the theft of 1.2 billion Internet credentials.

Mr. Grey, who had gained access to user account information for websites such as Facebook (FB.O) and Twitter (TWTR.N), has now been linked by the FBI, through a Russian e-mail address, to the theft of a record 1.2 billion Internet credentials.

According to documents made public by a federal court in Milwaukee, Wisconsin, the hacker was tied to the case through the work of a cybersecurity firm that announced in August 2014 it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites.

The investigation began last year when the Milwaukee-based firm obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million e-mail addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam.

It also found, within the spam utilities, an e-mail address registered in 2010 for a "mistergrey".

It further found posts from 2011 in which the hacker stated that if anyone wanted account information for users of Facebook, Twitter or the Russian social network VK, he could locate the records.

Alex Holden, Hold Security's chief information security officer, told Reuters this message indicated that mr.grey likely operated, or had access to, a database that amassed data stolen from computers via malware.

Bug in MetroPCS website could have exposed 10 million subscribers' data

Eric Taylor and Blake Welsh, security researchers from Cinder, told Motherboard about a bug in the website of MetroPCS, a prepaid wireless service offering nationwide talk, text and data plans over T-Mobile US's GSM, HSPA, HSPA+ and 4G LTE networks, that could have allowed hackers to obtain the information of more than 10 million subscribers.

According to news reports and security experts, with a little programming knowledge an attacker could have run an automated script and harvested the personal data of many, if not all, MetroPCS customers, and would not even have needed to know a particular person's phone number, since numbers can simply be iterated.

The flaw exposed a person's home address, phone serial number and more.

The flaw has since been fixed.

A spokesperson for T-Mobile, which owns MetroPCS, told Motherboard the flaw had been fixed and the data was no longer exposed.

The researchers found the bug in mid-October and, once Motherboard had verified the flaw, the publication notified T-Mobile on October 22.

"We held the story until the bug was fixed to protect MetroPCS' customers' data," Motherboard wrote in a blog post.

"All I needed to do to find out her data was use a Firefox plugin to send an HTTP request to MetroPCS' website using her phone number. Once I did that, I saw her full name, home address, the model and serial number of her phone, as well as how much she was paying a month for her subscription. My friend confirmed that the data was accurate, and I tested this with the number of a Twitter follower who also agreed to be part of the experiment," the blog post added.

Taylor told Motherboard that, using social engineering, a malicious hacker could have used this information to carry out other attacks "that would all end up in a terrible situation for the customer."

So far there is no evidence that anyone else found the flaw on MetroPCS' website and stole customers' personal information, and now that it is fixed the bug can no longer be abused for such purposes.
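What the blog post describes is an insecure direct object reference: the phone number in the request is the only thing the endpoint checks, so whoever can send the request can read the record. The following is an added example, not MetroPCS or T-Mobile code, that shows that pattern beside a hardened lookup in which authorisation comes from the caller's authenticated session rather than from the identifier in the request, plus the number-walking harvest the article warns about. The subscriber table, the session shape and the field names are assumptions made for the demonstration.

```python
# Added example, not MetroPCS/T-Mobile code: the IDOR pattern the article
# describes, next to a hardened lookup. Subscriber records, session shape
# and field names are constructed assumptions for the demo.
from dataclasses import asdict, dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Subscriber:
    phone: str
    name: str
    address: str
    device_serial: str
    monthly_charge: float


# Constructed records standing in for the carrier's database.
SUBSCRIBERS: Dict[str, Subscriber] = {
    "5550100": Subscriber("5550100", "Alice Example", "1 Main St", "SN-AAA111", 40.0),
    "5550101": Subscriber("5550101", "Bob Example", "2 Main St", "SN-BBB222", 30.0),
}


class Forbidden(Exception):
    """Raised when the caller is not logged in."""


def lookup_vulnerable(phone: str) -> Optional[dict]:
    """The flawed endpoint: the phone number is the only input, so any HTTP
    client can read any subscriber's record."""
    sub = SUBSCRIBERS.get(phone)
    return None if sub is None else asdict(sub)


def lookup_hardened(phone: str, session: Optional[dict]) -> Optional[dict]:
    """Authorisation is derived from the authenticated session, not from the
    identifier supplied in the request."""
    if not session or not session.get("authenticated"):
        raise Forbidden("login required")
    if phone not in session.get("owned_phones", ()):
        # Indistinguishable from "no such number", so the endpoint cannot be
        # used to confirm which numbers belong to customers.
        return None
    sub = SUBSCRIBERS.get(phone)
    return None if sub is None else asdict(sub)


def harvest(prefix: str, width: int = 3) -> List[str]:
    """The automated script the article warns about: walk a number range
    against the vulnerable endpoint and keep every hit."""
    names: List[str] = []
    for n in range(10 ** width):
        rec = lookup_vulnerable(f"{prefix}{n:0{width}d}")
        if rec is not None:
            names.append(rec["name"])
    return names
```

The harvest needs no per-customer knowledge at all, which is why the fix is an ownership check on the server rather than anything that hides the URL or the number format; rate limiting slows the walk but does not remove the flaw.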

Cyber Caliphate hacks Twitter accounts of heads of US security agencies

A group called 'Cyber Caliphate', set up by the British ISIS fighter Junaid Hussain, hacked about 54,000 Twitter accounts and posted personal details of the heads of America's security agencies on November 1.

The personal details posted online included passwords and phone numbers of the heads of the CIA, FBI and NSA.

The attack was said to be in retaliation for the drone strike that killed Hussain in August.

Hussain led IS's computer hacking division and was killed by a US drone in a joint operation with the UK. His widow, mother-of-two Sally Jones, popularly known as 'Mrs Terror', is on a government list of the most dangerous British recruiters for IS.

Since their leader's death, Cyber Caliphate, which briefly took control of a Pentagon-owned Twitter account in January, had kept a low online profile.

Experts described the incident as a worrying escalation of the global cyber war.

The group also tweeted that it had details of members of the Saudi royal family, although this could not be verified.

Having apparently spent several months harvesting sensitive data, the group posted the details of the security agency chiefs at 9 pm (1530 GMT) on Sunday; by 11 pm (1730 GMT), when Twitter was contacted by a security agency, it had suspended Cyber Caliphate's account.

Most of those affected are believed to be of Saudi Arabian origin, but some are feared to be British nationals.

It was not immediately clear how the hacked accounts were used. The victims were also unaware they had been hacked.

The incident came after the government announced that the Internet activity of everyone in Britain will have to be stored for a year under new surveillance laws.

Cyber Caliphate is a hacker group directly linked to ISIS.

In May, hackers linked to the group, who had been involved in hijacking social media accounts belonging to US CENTCOM, published a video threatening crippling cyber attacks against Europe, the United States and Australia. They claimed to have the cyber capabilities needed to spy on Western communications.

Another cyber attack: FIN5 hacking group steals 150,000 credit cards!

An unnamed casino has lost 150,000 credit card records in a cyber attack. The group responsible is FIN5, a hacking group that breached the casino's payment systems.

Researchers Emmanuel Jean-Georges and Barry Vengerik of Mandiant/FireEye documented the group.

The casino had almost no security: it lacked even a basic firewall around its payment platforms, and it had no proper logging.

FIN5 is linked to numerous payment card breaches, including Goodwill. According to Jean-Georges, FIN5 has breached 12 firms, and six more are expected to have been affected by the group. "It was a very flat network, single domain, with very limited access controls for access to payment systems," Jean-Georges told the Cyber Defence Summit in Washington, DC.

Vengerik explained that the attackers targeted at least two payment systems, and the unnamed casino is one of them.

In the attack on the casino, the experts found that the FIN5 gang used a backdoor codenamed Tornhull and a VPN tool dubbed Flipside to maintain control over the compromised systems.
FIN5 also has a tool called GET2 Penetrator, a scanner that searches for remote login services and hard-coded credentials, and uses the free tool EssentialNet to scan the target network.

Hackers target 'Internet of Things' devices to launch attacks

Today, insecure embedded devices connected to the Internet, such as CCTV cameras and routers, often grouped under the label Internet of Things (IoT), are increasingly being hijacked and used in cyber attacks.

Imperva Incapsula, a security firm, has described a DDoS (distributed denial of service) attack it mitigated. The attack was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance (CCTV) cameras protecting businesses around the world rather than from a typical botnet of compromised computers.

The researchers wrote in a blog post that the attack peaked at 20,000 requests per second and originated from around 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

All the compromised devices ran embedded Linux with BusyBox, a package of stripped-down common Unix utilities bundled into a small executable, designed for systems with limited resources.

"Further investigation of the offending IPs showed that they belonged to CCTV cameras, all accessible via their default login credentials. And that's not all. Looking through the camera lens we also spotted a familiar sight—a storefront in a mall located not five minutes away from our offices," they said in the blog post.

The researchers said they were able to meet the store owners, show them how their CCTV cameras had been abused to attack Incapsula's clients, and help them clean the malware from the infected camera's hard drive.

They note in the blog post that around 245 million professionally installed surveillance cameras are operating around the world, and that more than a million more were installed by unqualified installers, with even fewer security precautions.

"Even as we write this article, we are mitigating another IoT DDoS attack, this time from an NAS-based botnet. And yes, you guessed it, those were also compromised by brute-force dictionary attacks," they added.

So, whether it is a router, a Wi-Fi access point or a CCTV camera, default factory credentials are there only to be changed upon installation.
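From the receiving side, the attack described above looks like many sources each sending a steady stream of ordinary-looking GET requests, and a fleet of identical embedded devices tends to announce itself through a single shared User-Agent string. The following is an added example, not Incapsula's code: it parses combined-format web server access logs, flags every source whose peak requests-per-second exceeds a threshold, and summarises the User-Agent strings of the flagged sources. The log lines are constructed for the demonstration (three "camera" addresses each sending 20 requests a second for two seconds, plus two ordinary visitors); the threshold and the `Wget/1.12` agent string are assumptions.

```python
# Added example (not Incapsula's code): spot an HTTP flood in a combined-format
# access log and summarise the User-Agent mix of the flagged sources. The log
# lines below are constructed; the threshold and agent string are assumptions.
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Set, Tuple

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> Optional[dict]:
    """Combined log format -> dict, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "ts": datetime.strptime(m["ts"], TS_FMT),
            "req": m["req"], "ua": m["ua"]}


def flood_sources(lines: Iterable[str], max_rps: int = 10) -> Dict[str, int]:
    """Return {ip: peak requests-per-second} for every IP whose peak exceeds
    max_rps. Counting per (ip, second) bucket keeps memory bounded by the
    number of distinct sources times the log's time span."""
    per_second: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            per_second[(rec["ip"], rec["ts"].replace(microsecond=0))] += 1
    peak: Dict[str, int] = {}
    for (ip, _second), n in per_second.items():
        peak[ip] = max(peak.get(ip, 0), n)
    return {ip: n for ip, n in peak.items() if n > max_rps}


def user_agents(lines: Iterable[str], ips: Set[str]) -> Counter:
    """User-Agent distribution restricted to the given sources."""
    agents: Counter = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is not None and rec["ip"] in ips:
            agents[rec["ua"]] += 1
    return agents


# --- constructed sample log ------------------------------------------------
def _line(ip: str, ts: datetime, path: str, ua: str) -> str:
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512 '
            f'"-" "{ua}"')


def build_sample_log() -> List[str]:
    t0 = datetime(2015, 10, 21, 14, 3, 7, tzinfo=timezone.utc)
    cameras = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]
    lines: List[str] = []
    for i in range(40):  # 20 requests per second from each camera, for 2 seconds
        for cam in cameras:
            lines.append(_line(cam, t0 + timedelta(seconds=i // 20), "/api/ping", "Wget/1.12"))
    lines.append(_line("192.0.2.44", t0, "/index.html", "Mozilla/5.0"))
    lines.append(_line("192.0.2.45", t0 + timedelta(seconds=1), "/login", "Mozilla/5.0"))
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    flagged = flood_sources(log)
    print("flood sources:", flagged)
    print("their agents:", user_agents(log, set(flagged)))
```

A per-source threshold is deliberately conservative: in the attack described above the aggregate was 20,000 requests a second spread over about 900 devices, roughly 22 each, so a threshold tuned for a single abusive client would miss a botnet of slower members. Pairing the rate check with the agent summary, or with the total rate across all newly seen sources, catches the distributed case.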

31-year-old hacker arrested for stealing data from a Polish bank

A news report broadcast and published by Radio Poland confirms that a 31-year-old hacker has been arrested for stealing data from the servers of an unnamed bank in Poland.

According to police spokesperson Katarzyna Balcer, the hacker, named as Tomasz G. under Polish privacy laws, faces several charges relating to computer fraud and money laundering and up to 10 years' imprisonment.

The investigation is being led by the District Prosecutor's Office in the Praga district of Warsaw.
The ongoing investigation has shown that many hackers collaborated to break into the bank.

"The suspect worked with dozens of individuals and entities. The hackers caused losses of more than PLN four million. We were able to prevent the theft of another PLN 3.5 million," Balcer added.

The suspect allegedly went by the online handle 'Razor4'.

According to a report in The Register, in June the Polish security news website Zaufana Trzecia Strona was contacted by a person using the e-mail address, who claimed he had exploited an unspecified vulnerability to access the bank's public-facing servers "for a few weeks."

During that time, the hacker was able to steal credit card and bank account information, make unauthorised transactions, and access personally identifiable information belonging to the bank's customers, including account histories.

The person claimed to have stolen PLN 1 million, which the bank apparently did not notice for several weeks.

Zaufana Trzecia Strona (ZTS) then notified the bank about the data breach. After informing the bank, ZTS received an anonymous threat suggesting that a "contract could be taken out on the author of the article if it were published."

The bank responded only in February, after Razor4 had stolen PLN 180,000 in a single transaction; only then did it warn customers to beware of cash-stealing malware on their PCs.
According to the report, Razor4 demanded a ransom from the bank in exchange for not publishing the stolen data, and injected JavaScript code into the bank's web pages that redirected customer transactions through his own systems, modifying the destination account numbers so that they matched accounts under his control.

ZTS's article also reported that Razor4 had registered a domain name differing by one letter from the bank's, and pointed the look-alike domain at his own servers, through which the transactions were redirected.
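The two techniques in the last paragraphs, script injected into the bank's own pages and a domain one letter away from the bank's, are both visible in the HTML a customer's browser receives. The following is an added example, not from ZTS, The Register or the bank: it audits the `<script>` tags of a fetched page, accepts scripts from an allow-list of the bank's own hosts, flags every other host as foreign, and separately calls out any host within one edit of the bank's domain. The bank domain `example-bank.pl`, the allow-list and `SAMPLE_PAGE` (including its inline script, which rewrites an account-number field in the way the article describes) are constructed for the demonstration; the distance check compares whole hostnames, so a look-alike hidden as a subdomain would land in the foreign list rather than the look-alike list.

```python
# Added example (not ZTS's, The Register's or the bank's code): audit the
# <script> tags of a page against an allow-list and flag look-alike hosts.
# BANK_DOMAIN, ALLOWED_HOSTS and SAMPLE_PAGE are constructed for the demo.
from dataclasses import dataclass, field
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

BANK_DOMAIN = "example-bank.pl"                       # assumed
ALLOWED_HOSTS = {BANK_DOMAIN, "static.example-bank.pl"}  # assumed


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit is enough to catch the trick described."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb))) # substitute
        prev = cur
    return prev[-1]


class _ScriptCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.srcs: List[str] = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.srcs.append(src)
        else:
            self.inline += 1  # injected code is often inline, so count those too


@dataclass
class ScriptAudit:
    allowed: List[str] = field(default_factory=list)
    foreign: List[str] = field(default_factory=list)
    lookalike: List[str] = field(default_factory=list)
    inline_count: int = 0


def audit_scripts(html: str) -> ScriptAudit:
    parser = _ScriptCollector()
    parser.feed(html)
    report = ScriptAudit(inline_count=parser.inline)
    for src in parser.srcs:
        host = urlparse(src).hostname
        if host is None or host in ALLOWED_HOSTS:   # relative URL or listed host
            report.allowed.append(src)
        elif edit_distance(host, BANK_DOMAIN) <= 1:
            report.lookalike.append(src)
        else:
            report.foreign.append(src)
    return report


# Constructed page: one same-origin script, one from the static host, one from
# a one-letter look-alike, one from an unrelated host, and an inline script of
# the kind the article describes (rewrites the destination account field).
SAMPLE_PAGE = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://static.example-bank.pl/lib.js"></script>
<script src="https://examp1e-bank.pl/transfer.js"></script>
<script src="https://cdn.attacker.example/x.js"></script>
<script>document.querySelector('#dest_account').value = 'PL00 0000 0000';</script>
</head><body><input id="dest_account"></body></html>
"""

if __name__ == "__main__":
    print(audit_scripts(SAMPLE_PAGE))
```

The same allow-list is what a `Content-Security-Policy: script-src` header enforces in the customer's browser; the audit above is the out-of-band check an operator can run against what the site actually serves, which is how injected script and a look-alike domain in a `src` would have surfaced before the redirected transactions did.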