ZionOps

With friends like Obama…

DamageControl — Mon, 15 Oct 2012 10:02:52 +0000

Some facts to consider:
1. Israel is the only Democracy in the Middle East.
2. Therefore, is a vital ally to America.
3. Obama has made friends with the Islamic Brotherhood, an undisputed terrorist movement.
4. Obama is therefore a threat America’s most crucial ally.
5. Peace talks aren’t working because you can’t make peace with someone who’s only desire is to wipe you off the map.
6. Iran has openly declared Israel as their first target.
7. Iran are well on their way to achieving their goal.
8. Sanctions on Iran are hurting the Economy, but their government doesn’t care.
9. Therefore, sanctions are NOT working.
10. America and the rest of the world are not safe from Iran nukes.
11. Denying this means you’re living in a bubble.
12. Obama IS denying this, therefore is either living in a bubble or knows the truth and is trying to bring America down.
13. Mitt Romney has no illusions regarding Iran and Islamic terrorists. Therefore, for all of his so-called flaws, is still the better alternative.

America, if you think that the only country in danger from Iran nukes is Israel, then you’ve learned nothing from 9/11.
World, if you think Iran’s threats to take over the world are madman’s raves and not to be believed, then you’ve just underestimated a madman, and have learned nothing from WWII.

If you think my conclusions are wrong, reference the fact you disagree with, alongside conclusive proof that it is incorrect. If you just attack without countering with facts, then you’re supporting Romney by proving that Obama supporters don’t know a thing.

Hacker claims responsibility for GoDaddy outage

DamageControl — Tue, 11 Sep 2012 15:37:12 +0000

(CNN) — GoDaddy, the massive Web hosting company, went down for several hours on Monday, taking an untold number of websites with it.

A person affiliated with the hacking collective Anonymous — named @AnonymousOwn3r on Twitter — claimed responsibility for the outage.

"I’m taking godaddy down bacause (sic) well i’d like to test how the cyber security is safe and for more reasons that i can not talk now,"that person wrote in response to questions from a technology reporter at tech blog Mashable.

The attack appeared to take down websites that use GoDaddy servers to host their information and also those that have registered their names with the company.

By Monday night, however, the company, which says it isthe "largest hosting provider of secure websites in the world," said most of its sites were working again.

"Most customer hosted sites back online," GoDaddy said on Twitter. "We’re working out the last few kinks for our site & control centers. No customer data compromised."

The outage caused widespread Internet problems on Monday.

"The more problematic part is that any domain registered with GoDaddy that uses its nameservers and DNS records are also down," Mashable wrote. "That means that even if you host your site elsewhere, using GoDaddy for DNS means it is inaccessible."

The company, which says it hosts 53 million domain names, has not commented on the cause of the problem.

"It is not just your site," one apparent GoDaddy client wrote in response to the company’s tweets. "It is EVERYTHING anyone has hosted with you…. from e-mail to websites…."

GoDaddy also apologized to its customers.

"So many messages, can’t get to you all… Sorry to hear all your frustration," the company said on Twitter. "We’re working feverishly to resolve as soon as possible."

By John D. Sutter, CNN

Mole hack? 30,000 computers of world’s biggest oil company hit

DamageControl — Sun, 09 Sep 2012 01:38:02 +0000

Insiders are thought to have facilitated the cyber-attack on the world’s largest oil company, says a probe. The group behind the hack on state-run Saudi Aramco claim the attack is revenge for “crimes and atrocities” by the Saudi government.

"It was someone who had inside knowledge and inside privileges within the company," a source familiar with investigation told Reuters.

The Shamoon virus spread through the company’s computer network last month, wiping the data from at least 30,000 computers, in one of the most destructive cyber-attacks on a single business in history.

Reports say to prevent any drastic consequences Aramco prohibited its employees from sending or receiving emails outside of the company and had to switch to paper transactions while it was dealing with the virus.

Hackivist group The Cutting Sword of Justice claimed responsibility for the attack on the company. They issued a statement saying that the attack was politically motivated and revenge for the “crimes and atrocities” committed by the Saudi Arabian government.

The previously unknown hacker organization also said that they had obtained classified documents from the hack and threatened to release them, although thus far nothing has been published.

Saudi Aramco has not made any comments regarding its ongoing investigation into the mass hack, refraining from speculating on what it called

“rumors and conjecture.”

“This was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,” said the company’s chief executive Mr. al-Falih. He went on to say “not a single drop of oil was lost and no critical systems were harmed.

Meanwhile, Qatari gas producer RasGas announced that it had been affected by a similar virus at the end of August.

Uncommonly ‘destructive’

The virus in question, known as Shamoon, is not a sophisticated cyber weapon designed for high-level insurgency. It is used to attack ordinary business computers.

“Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems components or US government agencies,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in an August 29 advisory.

Once the Shamoon virus has infiltrated a computer network it attempts to infect every computer. The virus is capable of stealing information and erasing all data on the devices, experts say.

“We don’t normally see threats that are so destructive, it’s probably been 10 years since we saw something so destructive,” said Liam O Murchu from computer security firm Symantec.

Repression and marginalization

Saudi Arabia saw a number of protests across the country recently with the country’s Shia Muslim minority protesting against discrimination from the ruling Sunni monarchs.

The Shia protests were triggered last year in March when the Saudi government sent troops to neighboring Bahrain to crackdown on Shia protesters. Bahrain is also ruled by a Sunni Muslim monarchy.

Romney’s Taxes Hacked? Secret Service Is On It

DamageControl — Sun, 09 Sep 2012 00:46:00 +0000

The hackers who claim to have stolen Mitt Romney’s tax returns — and are holding them to ransom for $1 million in bitcoins — just became the targets of a federal investigation.

As we mentioned earlier, the unidentified team of hackers described the theft on Pastebin. That’s the same data-dump website where a treasure trove of one million Apple device IDs, allegedly taken from an FBI laptop, was found. The FBI later denied they’d been hacked.

The Romney hackers, by contrast, offered no proof — just a description of an elaborate burglary inside PriceWaterhouseCooper’s Tennessee office on Aug. 25, where they supposedly retrieved the tax returns that the GOP candidate has declined to release.

Romney’s team was given until Sept. 28 to transfer $1 million in bitcoins (an untraceable online currency popular in the criminal underworld). Otherwise, the hackers said, the tax returns would either go to the highest bidder or be released on Pastebin for all to read.

Ironically, one of the world’s largest bitcoin exchanges — Bitfloor — halted trading Wednesday after being hit by hackers itself.

Whether or not the hackers are blowing smoke, attempted blackmail of a presidential candidate is a pretty serious offense. So the Secret Service is investigating, a spokesperson told CNET.

The agency, formerly a department of the U.S. Treasury (and now part of Homeland Security), investigates financial crimes alongside its more well-known role of protecting Presidents and candidates. So it couldn’t be better placed to tackle this one.

Given that the tax return theft was described in such precise detail, it should be the work of a moment for agents to find out if it actually happened. Tracking down the hackers in question may take a little longer.

Will this help take the pressure off Romney, who has been under fire for not releasing as many tax returns as previous presidential candidates? Give us your take in the comments.

FBI Says Laptop Wasn’t Hacked; Never Possessed File of Apple Device IDs

DamageControl — Sun, 09 Sep 2012 00:14:36 +0000

The Federal Bureau of Investigation is refuting a statement made by members of AntiSec this weekend that they hacked the laptop of an FBI special agent and stole a file containing 12 million Apple device IDs and associated personal information.

The FBI also said it did not possess a file containing the data the hackers said they stole.

In a statement released Tuesday afternoon, the FBI said, “The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.”

In case that wasn’t emphatic enough, the FBI also tweeted:

Over the weekend, the hacker group AntiSec released an encrypted file that containing 1 million Apple device IDs and device names that the group said was obtained from an FBI computer they hacked.

The hackers said the original file contained 12 million IDs, including personal information, but they released only 1 million (leaving out the personal data) in an encrypted file published on torrent sites.

In a lengthy post online, the hackers wrote that last March, they hacked a laptop belonging to an FBI agent named Christopher K. Stangl from the bureau’s Regional Cyber Action Team and the New York FBI office’s Evidence Response Team.

The hackers say the IDs were stored in a file on Stangl’s desktop titled “NCFTA_iOS_devices_intel.csv.”

The file, according to the hackers, contained a list of more than 12 million Apple iOS devices, including Unique Device Identifiers (UDID), user names, names of devices, types of devices, Apple Push Notification Service tokens, ZIP codes, cellphone numbers, and addresses.

The hackers suggested in a tweet from the @AnonymousIRC account that the FBI was using the information to track users.

But the FBI disputes this. The FBI did not say whether the NCFTA, which was allegedly referred to in the file name the hackers obtained, possessed the data.

NCFTA refers to the National Cyber Forensics and Training Alliance. The NCFTA is a non-profit that was founded in 1997 by FBI agent Dan Larkin as a conduit between private industry and law enforcement agencies to help them exchange data and cooperate on cases.

The organization’s members include financial institutions, telecommunications firms, ISPs, and other private industries.

The NCFTA did not respond to a call seeking comment.

Apple UDIDs are a 40-character alphanumeric string that is unique to each Apple device.

The hackers say they released the Apple UDIDs so that people would know that the FBI may be tracking their devices and also because, they wrote in their online post, “we think it’s the right moment to release this knowing that Apple is looking for alternatives for those UDID currently … but well, in this case it’s too late for those concerned owners on the list.”

Apple has been criticized for hard-coding the IDs in devices, since they can be misused by application developers and others to identify a user, when combined with other information, and track them. Last April, Apple began rejecting applications that track UDIDs.

The Next Web has created a tool for users to check if their Apple UDID is among those that the hackers released.

Update 9.6.12: Apple, which had initially declined to comment on the story, released a statement after the FBI released its statement. According to Apple, “The FBI has not requested this information from Apple, nor have we provided it to the FBI or any organization. Additionally, with iOS 6 we introduced a new set of APIs meant to replace the use of the UDID and will soon be banning the use of UDID.”

Hacker Group Claims to Have Romney’s Tax Returns

DamageControl — Wed, 05 Sep 2012 00:44:00 +0000

Mitt Romney’s tax returns are reportedly in the hands of a team of hackers who plan on releasing them publicly at the end of the month unless a ransom is paid.

The group allegedly obtained the files from PricewaterhouseCooper’s Tennessee office on Aug. 25, in what was described on PasteBin as a Mission Impossible-like caper:

Romney’s 1040 tax returns were taken from the PWC office 8/25/2012 by gaining access to the third floor via a gentleman working on the 3rd floor of the building. Once on the 3rd floor, the team moved down the stairs to the 2nd floor and setup shop in an empty office room. During the night, suite 260 was entered, and all available 1040 tax forms for Romney were copied. A package was sent to the PWC on suite 260 with a flash drive containing a copy of the 1040 files, plus copies were sent to the Democratic office in the county and copies were sent to the GOP office in the county at the beginning of the week also containing flash drives with copies of Romney’s tax returns before 2010. A scanned signature image for Mitt Romney from the 1040 forms were scanned and included with the packages, taken from earlier 1040 tax forms gathered and stored on the flash drives.

The files are to be released to the public on Sept. 28, according to the PasteBin document.

The release, however, could allegedly be avoided if Romney’s camp were to wire transfer $1 million in Bitcoins— an online currency that is difficult both to trace and to identify.

“The keys to unlock the data will be purged and whatever is inside the documents will remain a secret forever,” states another PasteBin document. “Failure to do this before September 28, the entire world will be allowed to view the documents with a publicly released key to unlock everything. And the same time, the other interested parties will be allowed to compete with you.”

A call to to PricewaterhouseCoopers’ Tennessee office was not immediately returned.

Romney’s tax returns have been a lightning rod for criticism from President Barack Obama and Democrats like Senate Majority Leader Harry Reid, who claimed that the presidential hopeful hasn’t paid taxes for more than a decade.

“Never in modern American history has a presidential candidate tried so hard to hide himself from the people he hopes to serve,” Reid said in a speech at the Democratic National Convention Tuesday.

So far, Romney has released a tax return for 2010 and plans on doing so for his 2011 filing. He has refused to release any returns from before 2010.

“I pay all the taxes that are legally required and not a dollar more,” Romney said in a debate in January, according to the New York Times. “I don’t think you want someone as the candidate for president who pays more taxes than he owes.”

An Update on LinkedIn Member Passwords Compromised

DamageControl — Thu, 07 Jun 2012 07:30:12 +0000

The following update has been posted on the LinkedIn blog:

We want to provide you with an update on this morning’s reports of stolen passwords. We can confirm that some of the passwords that were compromised correspond to LinkedIn accounts. We are continuing to investigate this situation and here is what we are pursuing as far as next steps for the compromised accounts:

Members that have accounts associated with the compromised passwords will notice that their LinkedIn account password is no longer valid.
These members will also receive an email from LinkedIn with instructions on how to reset their passwords. There will not be any links in this email. Once you follow this step and request password assistance, then you will receive an email from LinkedIn with a password reset link.
These affected members will receive a second email from our Customer Support team providing a bit more context on this situation and why they are being asked to change their passwords.

It is worth noting that the affected members who update their passwords and members whose passwords have not been compromised benefit from the enhanced security we just recently put in place, which includes hashing and salting of our current password databases.

We sincerely apologize for the inconvenience this has caused our members. We take the security of our members very seriously. If you haven’t read it already it is worth checking out my earlier blog post today about updating your password and other account security best practices.

you-r!-k@n reboots the middle-east cyberwar?

DamageControl — Thu, 07 Jun 2012 06:20:12 +0000

This was posted yesterday on hackmageddon.com:

After several months of silence, a new resounding dump in Middle East.

I have just received an email message from you-r!-k@n, one of the early pro-Israeli contenders of the Middle East Cyber War, advising me of a new huge dump against an Iranian Server (irimo.ir, Iranian Meteorological Organization), which is currently unavailable. He claims to have acquired administrator privileges for the domain (1500 computers and server, 400 users), and has posted some screenshot as evidence, and the list of 400 Active Directory Users.

Of course I have decided not to publish the list except a small sample (which appears to come from a Windows 2000 Server), but cannot help but notice that, after a couple of months of silence, this is the first new event that closely resembles the resounding dumps which characterized the very first stage of the Middle East Cyber War.

Will this be an isolated episode or a brand new precursor of a new wave of attacks in the Middle East?

Update: Irimo.ir is currently unavailable, however, I was given a screenshot of the site before it was taken down. Looking at the messages left on the devastated site (which announced the erase of the Active Directory), it is interesting to notice that the reference to the Nuclerar as to reaffirm that the standoff between Israel and Iran about the Nuclear Strategy of Tehran, is influencing also the Cyber Space.

Linkedin Massive Data Breach – 6.5M accounts leaked

DamageControl — Wed, 06 Jun 2012 18:43:35 +0000

Though “unsalted hash” sounds more like a menu item for the sodium-conscious, it’s actually a reason to change your LinkedIn password.

Linkedin may help around five or six people a year get a new job, but mostly it’s a breeding ground for slimy recruiters and pointless networking groups. Well now it’s become even more irritating as an estimated 6.5 million of our passwords have been leaked online, according to The Independent.

The news comes in the wake of security concerns surrounding LinkedIn’s mobile application calendar feature. A report began circulating in which LinkedIn was violating its own user privacy policy by sending detailed calendar entries to its servers. The company said on Wednesday that it was in the process of updating the app, after researchers noticed a flaw in the way the app shared potentially sensitive “meeting notes” data.

Reports are suggesting that a Russian hacker published a list of the passwords online and is reportedly “crowd-sourcing help in breaking the encryption.” Linkedin has responded to the allegations with a number of tweets stating that the breach hasn’t been confirmed, but the team’s looking into the problems right away.

There is a possibility that this could be a hoax, but several people have said on Twitter that they found their real LinkedIn passwords as hashes on the list. Many of the hashes include “linkedin,” which seems to add credence to the claims.

Graham Cluley, a consultant with U.K. web security company Sophos, said in a blog post that investigations by Sophos researchers have confirmed that the file does contain, in part, LinkedIn passwords. It’s worth noting that the passwords are stored as unsalted SHA-1 hashes. SHA-1 is a secure algorithm, but is not foolproof. LinkedIn could have made the passwords more secure by ‘salting’ the hashes, which involves merging the hashed password with another combination and then hashing for a second time. Even so, unless your password is a dictionary word, or very simple, it will take some time to crack.

According to ZDNet, Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses, too, “though they appear encrypted and unreadable.”

Robert Graham has posted a web form that converts your password to an SHA-1 password for lookup and provides a link to the file of LinkedIn passwords that were dumped on the Internet so you can download and see if yours is in there.

I’ve also written a Python script that does the same, but you need the password file to be in the same folder. You can get it from here.

If you haven’t already, you should change your LinkedIn password and email login, certainly before you use this tool.

RT @_logik I don’t think I’ll change my LinkedIn password.If somebody’s hacked into it, please work on my resume. I’m too lazy to update it.

— lavanya (@lavsmohan) June 6, 2012

There are a few lessons from this:

Never ask users to have their email ID as a user ID. This would lead to a user email getting known and the user becoming a victim of spam later on.
A single password for multiple sites and and email ID as the User ID is a disaster for those who have the same password everywhere.
Do not put up too much personal information on social networking sites. The problem here is, taking social network sites too seriously could lead to issues in case of hacks like these.

And it is true…. only the paranoid survive.

Facebook replaces Chrome with Opera

DamageControl — Tue, 05 Jun 2012 10:57:42 +0000

Last week, Google Chrome users were shocked to find that Facebook appears to have dropped support for their browser, recommending Opera instead as one of the three supported web browsers, fueling further speculation of a takeover by Facebook of the popular web browser. It appears Facebook has since regretted this premature update, as their support page once again shows all four major browsers (IE, Safari, Firefox and Chrome).

*Update: As of yesterday, Facebook has been loading excruciatingly slow on Chrome, leading some to believe that Facebook may be deliberately throttling browsing speed for Chrome.

The Browser War

It is a known fact that historically, Google and Facebook have always been at each other’s throats, although the truth is, the hatred seems to be more on Facebook’s part, as Google never seemed to feel too threatened by the new kid on the block. Remember the whole "Facebook can import Google contacts", but not the reverse saga? The only exception might be Chrome’s direct integration with Google services, rather than Facebook, but in my opinion, that sort of favoritism is expected.

And here’s something interesting to close off on:

It appears that many large companies are sabotaging Opera’s user experience by blocking or serving Opera broken or outdated code. You can see for yourself by spoofing the user agent header. Compare the code that you receive from Google’s servers. If the user agent contains Opera, there are large parts of code missing or are outdated. You can clearly see that by doing server-side browser sniffing, Google is serving different content for Opera than for the other major browsers.

I can’t say for the many browsers out there, but this happens a lot to Opera. For example, big companies like Amazon and Microsoft also do the same thing and serve Opera different code. Amazon serves Opera missing code that prevents many of the Amazon features like Amazon Cloud, Amazon TV, appstore, etc., from working. The workaround for server-side browser sniffing is to spoof as a different browser so that servers can’t detect Opera from the user agent header. Sadly, spoofing as Firefox is what Opera had to do to bypass Amazon’s server-side browser sniffing.

Historically, Microsoft’s MSN.com sent Opera broken CSS / webpages. You can look at Opera’s response by searching for "opera bork bork bork".

P.S. Here’s my two cents on the browser war: I hate that Chrome “pretends” to be responsive when one of its pages are stuck. Many features on some of my favorite sites don’t work with Chrome, forcing me to switch to Firefox to regain that functionality. However, I’m sticking with Chrome because it performs great overall, and besides, I love Google. Point made.