E Hacking News
Showing posts with label Social Engineering Attack.
The Daily Telegraph, a UK-based international news portal, is the latest victim of the Syrian hacker group's social media hacks. Earlier today, the Syrian Electronic Army hijacked 8 Telegraph news Twitter accounts and a Facebook account.

As usual, the hackers started to tweet from the hacked accounts. "#FSA terrorits executed innocent citizens: on.ft.com/10VkxZk #SEA Syria" reads one of the tweets posted by the group.

The list of hacked accounts:
  1. https://twitter.com/TelegraphNews
  2. https://twitter.com/TeleTheatre
  3. https://twitter.com/TelegraphOpera
  4. https://twitter.com/TelegraphArt
  5. https://twitter.com/TelegraphFilm
  6. https://twitter.com/Tele_Comedy
  7. https://twitter.com/TelegraphSport
  8. https://twitter.com/TelegraphBooks

In addition to the Twitter account hacks, they also hijacked the official Facebook page: https://www.facebook.com/TELEGRAPH.CO.UK

The Telegraph responded to the hack: "We are aware that some of our accounts have been compromised and are working to resolve the issue. Many thanks for your patience."
A recent report from Symantec shows that even cyber criminals have become fans of the Telugu actresses Kajal Agarwal and Samantha. Cybercriminals have started to use these actresses' names in their phishing campaigns.

A few days after Symantec spotted a phishing campaign titled "Samantha & Kajal very hot song from Brindavanam Telugu movie", they spotted another phishing campaign that uses their names.

"The phishing site displayed a picture from a captivating musical number from the movie 'Saitan'," the Symantec report reads. "The phishing site was titled, 'Samantha & Kajal Very Hot Song' but in fact, these celebrities were not a part of this movie."

The phishing page asks visitors to log in to watch the video. When a user enters login credentials, they are redirected to the legitimate movie website.

"If users fell victim to the phishing site by entering their login credentials, phishers would have successfully stolen their information for identity theft purposes," the researcher says.

The private details of many celebrities have been leaked on a website: http://www.exposed.su/ (currently going in and out of service).

This is the list of celebrities exposed: Michelle Obama, Kim Kardashian, Joe Biden, Robert Mueller (FBI Director), Hillary Clinton, Eric Holder (U.S. Attorney General), Charlie Beck (LAPD Chief), Mel Gibson, Ashton Kutcher, Jay Z, Beyonce, Paris Hilton, Britney Spears, Sarah Palin, Hulk Hogan, Donald Trump, Arnold Schwarzenegger, Al Gore, Kanye West, Kris Jenner, Stacia Hylton (U.S. Marshals Director), Mitt Romney, Tiger Woods, Sandusky, Chris Christie, Bill Gates

When this site went viral and gained a lot of media attention, the FBI got involved and is now investigating.

The data seems to come from the credit reporting agencies TransUnion, Experian and Equifax. All of them admitted they were compromised.

TransUnion, Equifax and Experian share a common website, annualcreditreport.com, where customers can get a free copy of their credit report by entering personal information (such as address, social security number and date of birth) and by answering a few multiple-choice questions.

“What it appears happened is that personal identifiable information was evidently accessed or somehow obtained by the fraudsters who therefore were able to go into annualcreditreport.com and get some pieces of information on some individuals,” Equifax representatives told Ars Technica.

Here is an exclusive analysis of the site:

The website is running behind Cloudflare (CDN). Using Cloudflare gives the operator several advantages:

  • It hides the actual IP address of the site, which slows down attempts to trace and take down the original server.
  • It keeps the site content in cache even if the origin is taken down by DDoS or similar.
  • Even a small server can handle a lot of traffic.
Note: Cloudflare was also used by the infamous "Lulzsec" before they were shut down.

The hacker seems to be a fan of the TV series "Dexter", which is about "A likeable Miami police forensics expert who moonlights as a serial killer of criminals who he believes have escaped justice".

First, the quote on the main page: "If you believe that God makes miracles, you have to wonder if Satan has a few up his sleeve"

It is from the same TV show (Episode 12: "The British Invasion").

Second, the background music embedded in the site links to music from the TV show: https://www.youtube.com/watch?v=e2xxizpHuoo

The website also does not host any images itself. All the images are loaded from other sites that already host them.

The use of a .su domain seems to be a diversion to shift attention towards Russian hackers.

Whois data:

domain:        EXPOSED.SU
nserver:       dave.ns.cloudflare.com.
nserver:       fay.ns.cloudflare.com.
state:         REGISTERED, DELEGATED
person:        Private Person
e-mail:        exposed@allperson.ru
registrar:     REGTIME-REG-FID
created:       2013.03.06
paid-till:     2014.03.06
free-date:     2014.04.08
source:        TCI

Some of the pages also have YouTube videos embedded (most of them related to the person exposed on that page):

Michelle Obama -- https://www.youtube.com/watch?v=rhN7SG-H-3k
Robert Mueller -- https://www.youtube.com/watch?v=ANeWYnArWXk
Charles Beck -- https://www.youtube.com/watch?v=1M8vei3L0L8
Paris Hilton -- https://www.youtube.com/watch?v=srP5twK-9Dw
Britney Spears -- https://www.youtube.com/watch?v=kHmvkRoEowc
Donald Trump -- https://www.youtube.com/watch?v=WD729yIKskU
Arnold Schwarzenegger -- (broken link in site)
Mitt Romney -- (broken link in site) https://www.youtube.com/watch?v=DrR4G5HHPxY (recovered)

Though the attack is very well planned, the website itself seems to have been put together in a hurry. And there seems to be no "pattern" to the hacks except that all of the victims are celebrities.

Note: Will update this post if I find anything else.
Browser Event Hijacking

Be careful what you type in your web browser. A hacker can hijack the search command in the browser and steal your password or other sensitive data through a social engineering attack.

The method has been possible for years, but now two POCs have been published that demonstrate how an attacker can lure victims into giving up their password.

Browser Event Hijacking:

The hacker can hijack the browser event by calling the 'preventDefault' method in JavaScript, which cancels the browser's default action for the event while still allowing the remaining handlers for that event to execute. For example, if you press Ctrl+F, hackers can display their own search box instead of the browser's search box.

The hack was initially posted here:
http://labs.neohapsis.com/2012/11/14/browser-event-hijacking/

A simple code snippet that hijacks the browser event and steals the password:
$(window).keydown(function(evt){
        // 70 is the key code for "F"; metaKey covers Cmd on a Mac
        if((evt.which == "70" && (evt.metaKey || evt.ctrlKey))){
                console.log("STRG+F");
                evt.preventDefault();   /* cancel the browser's own search box */
                /* display fake search */
                $("#searchbox").slideDown(110);
                $('#search').focus();
        }
});

Then another researcher rebuilt the POC with a fake list of leaked passwords. So someone who simply presses Ctrl+F in his browser and types his password to check whether it has been leaked becomes a victim.

The POC :
http://h43z.koding.com/blog/leaked.html

If you search for any keyword on the page, it lures you into believing there is a password matching your search string.
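As an added defensive example (not code from the original post or from the neohapsis PoC), the following heuristic scanner flags page scripts that cancel the browser's Ctrl/Cmd+F default action, which is exactly the sign the hijacking handler above shows. The regexes and the sample scripts are constructed for this illustration; it is a text heuristic rather than a JavaScript parser.

```javascript
// Heuristic scanner (added example, not from the post or the neohapsis PoC):
// flags page scripts that cancel the browser's Ctrl/Cmd+F default action,
// the pattern the event-hijacking PoC relies on. Text heuristic, not a parser.
const KEY_EVENT_RE = /\b(keydown|keyup|keypress)\b/;
const MODIFIER_RE = /\b(ctrlKey|metaKey)\b/;
// 70 is the key code for "F"; also catch comparisons against the letter itself.
const F_KEY_RE = /\b(which|keyCode)\s*===?\s*["']?70["']?|\bkey\s*===?\s*["'][fF]["']/;
const PREVENT_RE = /\bpreventDefault\s*\(\s*\)/;
// Split points: jQuery-style .keydown( and addEventListener("keydown", ...)
const HANDLER_START_RE = /(?=\.(?:keydown|keyup|keypress)\s*\(|addEventListener\s*\(\s*["'](?:keydown|keyup|keypress)["'])/;

// One finding per keyboard handler showing all three signs: a Ctrl/Cmd
// modifier check, a check for the F key, and a preventDefault() call.
function scanScript(source) {
  const findings = [];
  for (const chunk of source.split(HANDLER_START_RE)) {
    if (!KEY_EVENT_RE.test(chunk)) continue;
    const modifier = MODIFIER_RE.test(chunk);
    const fKey = F_KEY_RE.test(chunk);
    const prevent = PREVENT_RE.test(chunk);
    if (modifier && fKey && prevent) {
      findings.push({ reason: "handler cancels the browser's Ctrl/Cmd+F search", snippet: chunk.trim().slice(0, 60) });
    }
  }
  return findings;
}

// Constructed sample 1: the hijacking handler quoted in the post above.
const HIJACK_SCRIPT = `
$(window).keydown(function(evt){
  if((evt.which == "70" && (evt.metaKey || evt.ctrlKey))){
    evt.preventDefault();
    $("#searchbox").slideDown(110);
    $('#search').focus();
  }
});`;

// Constructed sample 2: ordinary handlers (Escape closes a dialog, Ctrl+S
// saves a form); neither touches the F key, so neither is flagged.
const BENIGN_SCRIPT = `
document.addEventListener("keydown", function (e) {
  if (e.key === "Escape") { e.preventDefault(); closeDialog(); }
});
document.addEventListener("keydown", function (e) {
  if (e.ctrlKey && e.key === "s") { e.preventDefault(); saveForm(); }
});`;

console.log(scanScript(HIJACK_SCRIPT).length, scanScript(BENIGN_SCRIPT).length); // 1 0
```

A hit only means a script overrides a browser shortcut; a reviewer still has to look at what the replacement UI does with the typed text.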


At the end of last month, we reported that the South Carolina Department of Revenue website was breached and hackers stole sensitive information. The cyber crime investigation has now revealed the reason behind the security breach.

After the Security breach, the state hired an information security firm to investigate the intrusion.

According to the report, the hacker tricked a user of the Department of Revenue's system into opening a malicious file that allowed the hacker to access the system.

The investigation also found that the Department of Revenue's computer login system did not have the strongest protections available to verify the users trying to get in.

Using the stolen credentials, the hacker then remotely accessed the revenue department's database and stole the information.

Yesterday, we reported that Gizmodo's Twitter account was hijacked after hackers compromised the iCloud account of Mat Honan, a former Gizmodo employee. At the time it was assumed that the hackers had used a brute-force attack, but it turns out that Apple gave the hackers access to his iCloud account.

"I know how it was done now. Confirmed with both the hacker and Apple. It wasn't password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions," Mat Honan said in the blog post.

"Apple has my Macbook and is trying to recover the data. I’m back in all my accounts that I know I was locked out of. Still trying to figure out where else they were. "

"Social engineering" is a fancy term for tricking the person on the other end into doing what you want by making them believe that you are the account holder.

Even if you have strong passwords, hackers who can convince the tech support person that they are you can walk past all that security. Nothing can protect you from this kind of targeted attack.
The UGNazi hacker group has managed to break into WHMCS, a company that provides billing and customer support software to many web hosts. They leaked data and deleted all the files from the firm's server.

The data leak contains 500,000 records including customer credit card details, usernames, passwords and IP addresses.

According to the report, the hackers tricked WHMCS's own hosting firm into handing over admin credentials to its servers.

UGNazi also gained access to WHMCS's Twitter account, which it used to publicise a series of posts on Pastebin that contained links to locations from which the billing firm's customer records and other sensitive data might be downloaded.

"Following an initial investigation I can report that what occurred today was the result of a social engineering attack. The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions," Matt Pugh, WHMCS founder and lead developer explained.

“And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details. This means that there was no actual hacking of our server. They were ultimately given the access details.”

Hacktivists justified the attack by making unsubstantiated accusations that WHMCS offered services to shady characters, via an update to WHMCS's compromised Twitter feed:

Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi

After the incident, WHMCS reported the breach on its systems to the FBI.


The FBI has charged an alleged Army deserter, Brandon Price of Pittsburgh, Pennsylvania, with bank fraud in connection with the social-engineered hijacking of Microsoft co-founder Paul Allen's debit card.

According to the Wired report, the suspect phoned Citibank in January, impersonated Allen and asked the bank to change the address on his account. Later, he called Citibank's customer service department and stated that he had misplaced his debit card at his residence but didn't want to report it stolen. Citibank then sent him a new debit card via UPS.

It just reminds me of the 'White Collar' TV series.

After UPS delivered it, the suspect made a $658 payment to his Armed Forces Bank loan account in Fort Leavenworth, Kansas.

He also attempted a $15,000 transaction through Western Union and, the following day, tried to make a $278 purchase at a Gamestop store in Pittsburgh, the authorities said. Those two transactions did not go through.

Cybercriminals used a phishing attack on Xbox Live accounts and stole millions of pounds. The average loss to gamers in the 35 countries hit by the scam is around £100, but many lost £200.

Attackers sent mail to Xbox Live customers with a phishing page that claimed to be "offering free Microsoft points that can be used to buy games." The gamers entered their personal information without realising it was a phishing page. The criminals took small amounts from credit cards over several weeks so that victims would not notice the theft. Other victims lost money when their passwords were accessed.

The victims only realised when their online profile became "locked out", meaning someone else had used it.

Microsoft confirmed there had been no breach of the security of Xbox Live itself. Microsoft is investigating and says a small percentage of users are affected. A Microsoft spokesman said:
"We take the security of the Xbox Live service seriously and work to improve it against evolving threats.

Very occasionally, though, we are contacted by members regarding alleged unauthorized access to their accounts by outside individuals.

We work closely with impacted members directly to resolve any unauthorized changes to their accounts and, as always, highly recommend all Xbox Live users follow our account security guidance in order to protect their account details."


Microsoft spotted spam that leads to a YouTube phishing page, which suggests updating the browser with a bogus "Active object" (setup.exe). Of course, it is malware, detected as Backdoor:Win32/Caphaw.A.

This malware installs an FTP server, a proxy server, and a keylogger on the computer. It also has built-in remote desktop functionality based on the open source VNC project. One infected user reported that money had been transferred from his bank account by an unknown party.

The backdoor "calls home" to domains such as commonworld*****.cc or web****es.cc to get the data that it posts on the friends' Facebook walls. Its main module, meanwhile, is hosted on ****youtube.com.

If you see this type of spam, you can mark the post as spam to help prevent others from downloading the backdoor.
COPYRIGHT 2012 by EHN.