
NEWS - October 03, 2012

Team Ghost Shell Claims to Publish Records from Thousands of Universities

Lashing out against what they believe is a hopelessly broken international education system, the hacker collective Team Ghostshell published some 120,000 records from a number of the world's top universities.

They are calling the operation "Project WestWind." In a post on Pastebin, the group justifies the leaks as an attempt to spread "awareness towards the changes made in today's education, how new laws imposed by politicians affect us, our economy and overall, our way of life."

They go on to cite high tuition prices in the U.S., oft-changed laws in Europe, and systemic thought-repression in Asia as additional reasons for the operation, in which they claim to be targeting the top 100 universities in the world.

Among the universities listed in the Pastebin post are Harvard University, Cambridge University, Stanford University, Princeton University, Johns Hopkins University, and the University of Pennsylvania among many more. The group claims to have been merciful by releasing just 120,000 accounts and records, claiming that they left hundreds of thousands of additional records untouched in university servers. They also claim, without providing any evidence, that many of the servers contain malware and credit card information.

Continued : https://threatpost.com/en_us/blogs/team-ghost-shell-claims-publishe-records-thousands-univerisities-100212

Also:
Hackers leak 120,000 student records in raid on world's top unis
ProjectWestWind: Hackers Leak 120,000 Records from World's Top 100 Universities
Hackers leak 120,000+ records raided from top universities

Universal Man in the Browser attack targets all websites

Trusteer have discovered a new Man in the Browser (MitB) scam that does not target specific websites, but instead collects data submitted to all websites without the need for post-processing. This development, which they are calling Universal Man-in-the-Browser (uMitB), is significant.

First, let's review how uMitB is different from traditional MitB configurations. Traditional MitB attacks typically collect data (login credentials, credit card numbers, etc.) entered by the victim in a specific web site.

Additionally, MitB malware may collect all data entered by the victim into websites, but it requires post-processing by the fraudster to parse the logs and extract the valuable data. Parsers are easily available for purchase in underground markets, while some criminals simply sell off the logs in bulk.

According to Trusteer's CTO Amit Klein: "In comparison, uMitB does not target a specific web site. Instead, it collects data entered in the browser at all websites and uses "generic" real time logic on the form submissions to perform the equivalent of post-processing. This attack can target victims of new infections as well as machines that were previously infected by updating the existing malware with a new configuration. The data stolen by uMitB malware is stored in a portal where it is organized and sold."

Continued : http://www.net-security.org/malware_news.php?id=2283

Also: New Strain of Man-in-the-Browser Malware Refines Data Sent to Attacker in Real Time

Google Warns of New State-Sponsored Cyberattack Targets

[Screenshot: Google Warning]

In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

On Tuesday, tens of thousands more Google users will begin to see that message. The company said that since it started alerting users to malicious - probably state-sponsored - activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated.

Mike Wiacek, a manager on Google's information security team, said in an interview on Tuesday that since Google started to alert users to state-sponsored attacks three months ago, it had gathered new intelligence about attack methods and the groups deploying them. He said the company was using that information to warn "tens of thousands of new users" that they may have been targets, starting on Tuesday.

Continued : http://bits.blogs.nytimes.com/2012/10/02/google-warns-new-state-sponsored-cyberattack-targets/

Fake Quickbooks Emails lead to Malware Shenanigans

From the GFI Labs Blog:

We have some more rogue emails following the familiar pattern of the last few days - this time around, a fake Quickbooks themed email which promises "free shipping for Quickbooks customers": [Screenshot]

It points to a website that shows the end-user a "connecting to server" message, eventually redirecting to an IP address that has been / is still associated with Blackhole Exploit Kit and Java exploits. [Screenshot]

I'd say it's a bad time to be randomly opening dubious emails from complete strangers but, you know...

http://www.gfi.com/blog/fake-quickbooks-emails-lead-to-malware-shenanigans/

MegaDroid: 300,000 Androids clustered together to study network havoc

Anyone who builds an Android app knows that testing on real devices is important. But what if instead of testing on one device at a time, you could test 300,000?

Enter MegaDroid. A project of the US government's Sandia National Laboratories in California, the aptly named MegaDroid has linked 300,000 Android virtual machines together in a testbed for studying all kinds of network disruptions. Researchers could use MegaDroid for anything they can dream of, but the lab says it envisions projects that seek to "understand and limit the damage from network disruptions due to glitches in software or protocols, natural disasters, acts of terrorism, or other causes."

MegaDroid, unveiled on Tuesday, is the third in a series of such projects. The first was MegaTux, which booted 1 million Linux kernels as virtual machines in 2009, and MegaWin, which did the same with 100,000 Windows XP and Windows 7 instances. Fritz and team would like to extend the Mega- projects to iOS, but that would require some cooperation on Apple's part.

For MegaDroid, Sandia built a cluster on 520 nodes, each one a quad-core Intel Core i7 processor (Sandy Bridge) with 12GB RAM (and no disk storage), and a Gigabit Ethernet network. It cost about $500,000, a small amount for government labs accustomed to multimillion dollar supercomputers. Sandia actually specced out the cluster through CostCo, but then bought the hardware through a bidding process.

Continued : http://arstechnica.com/information-technology/2012/10/megadroid-300000-androids-clustered-together-to-study-network-havoc/

Also:
Researchers Link 300,000 Virtual Android Devices To Study Mobile Security
Android Network Used in Malware Propagation Forensics
Sandia builds massive Android network to study security, more

FTC Blocks "Tech Support" Fraud Schemes Linked to India

US officials said Wednesday they shut down a series of so-called tech support scams, mostly operating from India, which duped consumers into paying to clean their computers of bogus virus infections.

The Federal Trade Commission said a US judge has ordered a halt to six "scareware" operations and has frozen their assets following an investigation in cooperation with Canada, Britain, Australia and New Zealand.

FTC Chairman Jon Leibowitz said the schemes involved calls to consumers in English-speaking countries from call centers in India, informing consumers of bogus infections.

The groups also used online ads which informed computer users of the infections, and then sold "fixes" at prices ranging from $49 to $450.

"In these outrageous and disturbing cons you get a call from someone pretending to be from a major computer company who dupes you into thinking you have a virus on your computer," Leibowitz told a news conference, which also played an audio tape of one of the calls.

Continued : http://www.securityweek.com/ftc-blocks-tech-support-fraud-schemes-linked-india

DHS Issued False 'Water Pump Hack' Report; Called It a 'Success'

When an Illinois fusion center distributed a report last year stating that hackers from Russia had broken into a water district's SCADA system and sabotaged a water pump, the Department of Homeland Security stepped in publicly to denounce the report as false, blaming the regional fusion center for spreading unsubstantiated claims and sowing panic in the industrial control system community.

But while DHS was busy pointing a finger at the fusion center, its own Office of Intelligence and Analysis had been irresponsibly spreading the same false information privately in a report to Congress and the intelligence community, according to a Senate subcommittee investigation released late Tuesday. The DHS report was issued five days after the fusion center report was issued.

Even after the FBI and other investigators concluded a few days later that there was no merit to the hacking claims and that the reports were false, the DHS intelligence unit did not issue a correction to its report or notify Congress or the intelligence community that the information it spread was incorrect.

Continued : http://www.wired.com/threatlevel/2012/10/dhs-false-water-pump-hack/

Also: DHS utility, manufacturing security protection system blasted as useless in Senate report

NIST crowns next-gen hash algorithm Keccak as official SHA-3

A US government agency has selected cryptographic hash function Keccak as the new official SHA-3 algorithm.

The National Institute of Standards and Technology's decision to pick the nippy system as the replacement for SHA-1 and SHA-2 marks the end of a six-year competitive process. Five algorithms were left in the running at the end, including crypto-guru Bruce Schneier's Skein.

Keccak was put together by cryptographers Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche, who work for STMicroelectronics and NXP Semiconductors. The NIST team praised the algorithm for its "elegant design and its ability to run well on many different computing devices". The system is said to take 13 processor cycles on a 2.4GHz Intel Core 2 Duo to process each byte of data, and can be implemented in hardware.

SHA-2 is used in various security technologies, from SSL and SSH to PGP and IPsec, and must be used by law in certain US government applications. Like its predecessor, Keccak converts information into a shortened "message digest", from which it is impossible to recover the original information, and thwarts attempts to generate an identical digest from two different blocks of input data.

Continued : http://www.theregister.co.uk/2012/10/03/sha-3/

Also:
SHA-3 Winner Chosen, But It May Be Years Before Keccak Has an Effect
NIST selects winner of SHA-3 competition

Medical device hacking - FDA are told to start taking it seriously

The US Government Accountability Office (GAO), prodded by Congress, has put out a new report [PDF] recommending that the US Food and Drug Administration (FDA) start thinking about how to secure insulin pumps and implantable cardioverter defibrillators from being vulnerable to targeted attacks.

As the report states, researchers have recently demonstrated the potential for incidents resulting from intentional threats in the two devices.

One example is the work done by McAfee's Barnaby Jack who, in October 2011, succeeded in overriding an insulin pump's radio control and its vibrating alert safety feature.

Cartridges in such pumps hold up to 300 units of insulin (capacity varies by manufacturer).

That's enough to last a typical diabetic one to two weeks (dosing varies depending on diet, subject weight, and insulin sensitivity), but Jack managed to dump an entire cartridge in one go.

Continued : http://nakedsecurity.sophos.com/2012/10/03/medical-device-hacking-fda-are-told-to-start-taking-it-seriously/
