NEWS - June 13, 2011

Organization Chart Reveals ChronoPay's Links to Shady Internet Projects

An online criminal enterprise, as tightly structured as any legitimate business corporation, was exposed in 2010. Emails and documents taken from employees of ChronoPay - Russia's largest online payments processor - were shared with a select group of law enforcement agencies and with KrebsOnSecurity.com. The communications provide the strongest evidence yet that a notorious rogue online pharmacy and other shady enterprises are controlled by ChronoPay executives and employees.

The leaked ChronoPay emails show that in August 2010 co-founder Pavel Vrublevsky authorized a payment of 37,350 Russian Rubles (about $1,200) for a multi-user license of an Intranet service called MegaPlan. The documents indicate that Vrublevsky used the service to help manage the sprawling projects related to ChronoPay's "black" operations, including the processing of payments for rogue anti-virus software, violent "rape" porn sites, and knockoff prescription drugs sold through hundreds of Web sites affiliated with a rogue online pharmacy program Rx-Promotion.com.

ChronoPay employees used their MegaPlan accounts to track payment processing issues, order volumes, and advertising partnerships for these black programs. In a move straight out of the Quentin Tarantino film Reservoir Dogs, the employees adopted nicknames like "Mr. Kink," "Mr. Heppner," and "Ms. Nati." However, in a classic failure of operational security, many of these folks had their messages automatically forwarded to their real ChronoPay email accounts.

Continued : http://krebsonsecurity.com/2011/06/organization-chart-reveals-chronopay%E2%80%99s-links-to-shady-internet-projects/#more-9899

"Hacker crims plant fake news to discredit security researchers"

Criminal hackers hacked into a specialist news outlet to plant a fabricated story falsely suggesting security researchers Mikko Hypponen and Brian Krebs had been arrested after they were supposedly caught selling stolen credit card details.

The bogus "news item" on fraud-news.com this weekend claimed that Krebs and his "boyfriend" Hypponen had traded 1.5 million compromised accounts causing losses of $75m in the process while all the while operating as respected security researchers. The article included a photoshopped extract from an underground forum featuring a fabricated dialogue between Krebs (AKA BlazinKrabz) and Hypponen (AKA WhiteHippo) discussing the sale of stolen credit card numbers.

All these claims are entirely untrue. In reality the fake article is a modified version of a real article by Krebs he wrote four years ago for the Washington Post. The fake screenshot is based on a doctored extract from a real cybercrime forum, omerta.cc.

"Let me just state it for the record that I'm not arrested and I have not been involved in selling stolen credit cards," Hypponen said, adding that the suggestion of a romantic relationship between himself and Krebs is also codswallop. "I like Brian, but not like that," he writes.

The fake news item was indexed by Google and picked up by a few surfers as a result. Despite its implausibility, Krebs and Hypponen have been obliged to set the record straight with a few individuals who took the story at face value.

Continued : http://www.theregister.co.uk/2011/06/13/hack_punts_bogus_cybercrime_story/

Turkish Police Detain 32 Suspects Allegedly Linked to Anonymous

Following the arrest of three alleged "Anonymous" members by Spanish authorities on Friday, Turkey's state-run news agency has reported that police have detained 32 individuals allegedly linked to the hacktivist group.

The Anatolia news agency said today that the suspects were taken into custody after conducting raids in a dozen cities for suspected ties to Anonymous.

The group recently targeted Web sites of the country's telecommunications watchdog, the prime minister's office and parliament as a protest to Turkey's plans to introduce Internet filters.

After the arrests in Spain on Friday, the group responded on Saturday with a DDoS attack against the Spanish National Police Web site.

Continued : http://www.securityweek.com/turkish-police-detain-32-suspected-hackers-linked-anonymous

Also:
32 Anonymous suspects arrested in Turkey
Dozens Tied to Anonymous Arrested in Turkey
I.M.F. Reports Cyberattack Led to 'Very Major Breach'

The International Monetary Fund, still struggling to find a new leader after the arrest of its managing director last month in New York, was hit recently by what computer experts describe as a large and sophisticated cyberattack whose dimensions are still unknown.

The fund, which manages financial crises around the world and is the repository of highly confidential information about the fiscal condition of many nations, told its staff and its board of directors about the attack on Wednesday. But it did not make a public announcement.

Several senior officials with knowledge of the attack said it was both sophisticated and serious. "This was a very major breach," said one official, who said that it had occurred over the last several months, even before Dominique Strauss-Kahn, the French politician who ran the fund, was arrested on charges of sexually assaulting a chamber maid in a New York hotel.

Asked about the reports of the computer attack late Friday, a spokesman for the fund, David Hawley, declined to provide details or talk about the scope or nature of the intrusion. "We are investigating an incident, and the fund is fully functional," he said.

Because the fund has been at the center of economic bailout programs for Portugal, Greece and Ireland - and possesses sensitive data on other countries that may be on the brink of crisis - its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts. Those agreements are, in the words of one fund official, "political dynamite in many countries." It was unclear what information the attackers were able to access.

Continued : http://www.nytimes.com/2011/06/12/world/12imf.html

Also:
Hackers hit IMF with 'sophisticated cyberattack', reports claim
International Monetary Fund Reportedly Hacked
Hackers breach IMF with 'sophisticated cyberattack' [update]

Visit the New Facebook scare spreads on Facebook

Warnings are being posted across Facebook, warning users to beware messages from friends that invite them to "Visit the New Facebook".

Although these messages are being shared by Facebook users with the best of intentions, the warning about the risk of being locked out of your own Facebook account may in fact be more of a nuisance than the alleged hacker attack itself.

Here's a typical message seen on Facebook: [Screenshot]

PLEASE RE-POST FOR EVERYONE!!!!!!!!!THIS NOTICE IS DIRECTED TO EVERYONE WHO HAS A PAGE ON FACEBOOK: IF SOME PEOPLE IN YOUR PROFILE OR YOUR FRIENDS SEND YOU A LINK WITH WORDS "VISIT THE NEW FACEBOOK ' DO NOT OPEN! IF YOU OPEN IT YOU CAN SAY GOODBYE TO YOUR PAGE. IT'S A HACKER WHO STEALS YOUR DETAILS AND REMOVES YOU FROM YOUR OWN PAGE. COPY AND SPREAD THE WORD

However, Sophos researchers have found no evidence that the threat is real. We simply haven't managed to uncover any reports of any users hit by such an attack.

As such, it appears that this is just the latest chainletter spreading across the social network. We've certainly seen plenty of similar examples of hoaxes spread by well-intentioned people in the past.

Continued : http://nakedsecurity.sophos.com/2011/06/12/visit-the-new-facebook-scare-spreads-on-facebook/

User Data Stolen In Codemasters Hack Attack

Codemasters has closed its Website after substantial customer information was stolen over a week ago.

The online leisure market has been hacked again as UK games developer Codemasters reported losing user data. Like Sony, it took the company a week before notifying its users.

An attack on June 3 forced the company to shut down its website after raiders made off with personal information stored in its CodeM database, EStore, and code redemption pages. Customers trying to access the Website found themselves redirected to the Codemasters' Facebook page and this will continue to be the case "for the foreseeable future".

This is the second attack on Codemasters within a month.

A Treasure Trove For Phishers

The haul of stolen data is quite extensive but does not include payment card details because the company uses an external payment provider.

The unknown hackers' swag included members' names, usernames, screen names, email addresses, dates of birth, encrypted passwords, and biographies entered by users. They also grabbed details of last site activity, IP addresses and Xbox Live Gamertags. In addition, telephone numbers, order histories, and newsletter preferences were accessed.

Continued : http://www.eweekeurope.co.uk/news/user-data-stolen-in-codemasters-hack-attack-31585

Also:
Codemasters game site hacked; customer e-mail, passwords exposed
Codemasters website hacked, user data stolen

PlayBook OS updated after Adobe Flash security issue

A new version of the BlackBerry Tablet OS will soon be available to all BlackBerry PlayBook tablet users, to address a security issue raised by Adobe about its Flash Player, Research In Motion said Sunday.

The new version of the operating system, version 1.0.5.2342, will contain an updated version of the Flash Player, RIM said in a blog post.

Adobe issued an update last week for its Flash Player to deal with a cross-site scripting vulnerability. The problem could be exploited to perform actions on behalf of a BlackBerry PlayBook tablet user on any website or web mail provider if the user visits a malicious website that loads Adobe Flash content, RIM said on a support page.

The PlayBook's operating system is built from the ground up to run Adobe Flash.

Users who purchase and activate a BlackBerry PlayBook tablet on or after June 12 will automatically be updated to the latest version as part of the BlackBerry PlayBook setup process.

Continued : http://www.networkworld.com/news/2011/061311-playbook-os-updated-after-adobe.html

See Vulnerabilities & Fixes: BlackBerry Tablet OS Flash Player Cross-Site Scripting Vulnerability

Support for Windows Vista coming to an end

Microsoft determines the support lifecycle of each of its products from the day that they are released: all products intended for private use are given five years of "mainstream support", while products designed for enterprise use receive an additional five years of "extended support"; in practice, a product's support lifecycle is always a few days or weeks longer. During the second phase, the only patches Microsoft will provide free of charge (at its download centre and via the Windows update function) are those which it considers to be security related.

From 10 April, 2012, the Home editions of Windows Vista will no longer be supported. The Business and Enterprise editions of Vista with their comparatively wider range of features will be supported until 2017. However, Vista Ultimate, which has the widest range of features, is counted as a Home edition, and Microsoft's support for this edition will also end in April 2012.

Irrespective of this, another support period will end before then, as Microsoft will only continue to support Windows Vista if the current Service Pack has been installed; this applies to all editions from Starter to Ultimate. When a new Service Pack for Windows is released, users have two years to install it, as the support of the previous Service Pack is discontinued after that time. And that is what is about to happen to Vista with SP1: from 12 July, patches will only be released for versions of Vista that have SP2 installed.

After April 2012, affected Vista users can either switch to Windows 7 - Windows 8 will probably not be ready yet - or to Windows XP. Contrary to Microsoft's rules, all versions of XP, including XP Home, will be supported until at least 2014.

http://www.h-online.com/security/news/item/Support-for-Windows-Vista-coming-to-an-end-1259389.html

Related :
Reminder: Upcoming end of support for Windows Vista SP1
Support is ending for some versions of Windows

Hack attacks target Epic, Nintendo, Bethesda

Game publishers are under increasing attack from Internet ne'er-do-wells, with customers of Epic Games becoming the latest victim of information theft and Nintendo warning of a new threat to its own users.

The floodgates appeared to open when Sony was attacked by digital vigilantes over its handling of the Other OS removal from its PlayStation 3 gaming platform. Since then, a number of other gaming companies have been attacked, with the most recent being UK-based publisher Codemasters.

Gaming house Epic Games, best known for its Unreal game engine which powers a vast quantity of modern games on a variety of platforms from consoles to tablets, has become the latest in a long list of victims. According to a notification on the company's forums, the site's recent downtime was due to an attack from persons unknown.

"Our Epic Games web sites and forums were recently hacked," chief executive Tim Sweeney confirmed in a surprisingly frank statement. "We're working on getting them back up and running, and expect everything to be restored in a few days.

"The hackers likely obtained the email addresses and encrypted passwords of forum users," Sweeney verified. "Plain text passwords weren't revealed, but short or common passwords could be obtained by brute-force attack. Therefore, we're resetting all passwords. If you have an account on the Epic Games forums, you can request to receive your new password by email it to the address we have on file for you."

Continued : http://www.thinq.co.uk/2011/6/13/hack-attacks-target-epic-nintendo-bethesda/

Also:
Games co Epic resets passwords after hack attack
Nintendo website hit by phishing threat?

Siemens fixes industrial flaws found by hacker

Siemens has fixed bugs in its Simatic S7 industrial computer systems, used to control machines on factory floors, power stations and chemical plants.

The patches, released Friday, mark Siemens' first response to a high-profile computer security incident since the Stuxnet worm, which was discovered a year ago circulating on computer networks in Iran.

Siemens fixed a pair of flaws in the S7-1200 controller, acknowledging that one could be leveraged to take control of the system using what's known as a replay attack. A second flaw, in a Web server that ships with the device, could give attackers a way to crash the system. However, the attacker would have to first find a way onto the victim's network before launching these attacks.

Siemens had been scrambling to fix the bugs since they were discovered earlier this year by Dillon Beresford, a researcher with security vendor NSS Labs. Beresford had hoped to discuss the issues at a May hacking conference in Dallas, but pulled out of the event when it became clear that Siemens could not fix the problem in time.

Continued : http://www.networkworld.com/news/2011/061011-siemens-fixes-industrial-flaws-found.html

Also: Siemens Patches SCADA Holes, Downplays Threat

Gartner Says Security Software Market Grew 12 % in 2010

Worldwide security software revenue totaled $16.5 billion in 2010, a 12 percent increase from 2009 revenue of $14.7 billion, according to Gartner, Inc. The 2010 results show that overall vendor revenue demonstrated a rebound in growth after a sharp fall in performance in 2009 due to the slow economy and tight IT budgets.

"Products within the security market are undergoing rapid evolution, in terms of both new delivery models - with security as a service showing increasing popularity - and new technologies being introduced, often by startup companies," said Ruggero Contu, principal research analyst at Gartner. "Key vendors continued to expand their product portfolios, buying companies where appropriate and expanding their reach into emerging markets."

Growth across the security segments showed great levels of variation, with more mature areas, such as endpoint security and Web access management, showing single-digit growth, while security information and event management (SIEM) and secure Web gateway products experienced double-digit growth.

Symantec retained its market share lead and accounted for nearly 19 percent of total security software revenue in 2010 (see Table 1). Performance of the largest players varied considerably; Symantec, Trend Micro and IBM recorded below-average growth, while other larger players, such as EMC, experienced above-average growth.

Press Release Continued : http://www.gartner.com/it/page.jsp?id=1714714

"Market Share Analysis: Security Software, Worldwide, 2010" Report Available @ http://www.gartner.com/resId=1691414.

Nissan car secretly shares driver data with websites

Electric cars manufactured by Nissan surreptitiously leak detailed information about a driver's location, speed and destination to websites accessed through the vehicle's built-in RSS reader, a security blogger has found.

The Nissan Leaf is a 100-percent electric car that Nissan introduced seven months ago. Among its many innovations is a GSM cellular connection that lets drivers share a variety of real-time data about the car, including its location, driving history, power consumption, and battery reserves. Carwings, as the service is known, then provides a number of services designed to support "eco-driving," such as breakdowns of the vehicle's energy efficiency based on comparisons with other owners.

But according to Seattle-based blogger Casey Halverson, Carwings includes the detailed data in all web requests the Nissan Leaf sends to third-party servers that the driver has subscribed to through RSS, or real simple syndication. Each time the driver accesses a given RSS feed, the car's precise geographic coordinates, speed, and direction are sent in clear text. The data will also include the driver's destination if it's programmed into the Leaf's navigation system, as well as data available from the car's climate control settings.

Continued : http://www.theregister.co.uk/2011/06/13/nissan_leaf_privacy_invasion/