Noticias sobre sites de Torresmos/Hackers

[Jorge-Vieira]

Cybercriminals attack Google Adsense to pump out malicious redirects

Over the past month a number of websites, including TweakTown, have experienced sporadic redirects to scam websites. It has been exceptionally difficult to track down the source of these redirects, and our team has been working tirelessly to isolate the source of the issue. The source of the issue appears to be malicious code injected into Google Adsense ads, which are used by websites around the world.

image: http://imagescdn.tweaktown.com/news/...icious-ads.png

In December a number of webmasters took to Google's Adsense Forum to complain of the issue, which seems to have peaked around January 9th. A total of 180 complaints were made on that day alone. Web security company Sucuri explains that cybercriminals possibly exploited two Adsense campaigns with Javascript code that loaded the malicious code. This redirect unfolds whether the user clicks the ad or not. Sucuri was able to track down the source, and notes:

The malicious redirect worked even in the Ad Review Center of the Google AdSense dashboard on Google.com site where webmasters may view ads that Google displays on their sites. This problem existed for about a month since the second half of December 2014, but became really widespread last Friday (Jan 9th 2015). By the end of the weekend, Google seemed to have been able to mitigate it.

While there may be notably reduced frequency to the malicious ads, they are still circulating. We have noticed these redirects are still present on other websites as well during the last few days. Google Adsense works by targeting specific ads to a specific viewers. This type of maddening attack, referred to as Malvertising, is hard to track because different users view different ads. The redirects are landing users on pages that appear legitimate, such as a fake Forbes website, but are all contained in different subdirectoriess of lemode-mgz.com, consumernews247.com, and wan-tracker.com.

Frankly, its surprising that Google was able to be exploited on such a large scale. Perhaps the policy of allowing code in their ads that can be easily modified for nefarious purposes should be reviewed.

Noticia:
http://www.tweaktown.com/news/42879/...cts/index.html

[Jorge-Vieira]

Companies need assistance with their efforts to defend cyberattacks

Cybercriminals want to breach US companies, stealing data and customer records, and have found surprising levels of success. Some breached companies eventually discover that criminals spent months poking aroun compromised systems, taking their time before stealing large amounts of data.

image: http://imagescdn.tweaktown.com/news/...berattacks.png

The US government wants companies to be more forthcoming about data breaches once they are discovered, but some companies - if they actually know about it - remain quiet. Companies will be given some leeway if they inform the Department of Homeland Security (DHS) about cybersecurity incidents after they do occur, according to changes the Obama Administration plans to put in place.

"There is an element of embarrassment at work here," said Robert Cattanach, partner at the Dorsey & Whitney law firm, in a statement published by reporters. "But hacking is not a problem that any one company can solve alone."

Noticia:
http://www.tweaktown.com/news/42875/...cks/index.html

[Jorge-Vieira]

UK and US to stage cyber attack 'war games' later this year

The UK and US will stage a number of cyber attack style war games to help strengthen each other's defences. The countries will partake in unprecedented co-operation and share more information than ever before in order to help prepare for future malicious cyber attacks.

Cyber attacks and hacking have been hitting the headlines at an alarming rate and the average person is growing increasingly aware of the calamity such activities can cause. Over the last few weeks there have been notable newsworthy events such as Sony Pictures being hacked by North Korea (allegedly), PS4 and Xbox One users' Xmas fun being spoiled by Lizard Squad and even the US Central Command's Twitter and YouTube accounts being taken over by pro-ISIS hacker. While these three examples might seem trivial, because they involve social media and the entertainment industry, things could be much worse if other targets were vulnerable and fell.

So the UK and US governments will start to test each other's cyber defences as if they were trying to attack starting later this year. Recently GCHQ warned that "British companies are under attack by hackers, criminal gangs and foreign intelligence service," reports Sky News.
The first companies which will be tested by the 'war games' style attacks will be from the financial sector. Famous institutions controlling vast fortunes will be targeted including the Bank of England, City of London and Wall Street firms. Following this stage "further exercises to test critical national infrastructure," will be undertaken, says Downing Street.
Teams taking part in the war games are said to include staff from the likes of the FBI, NSA and MI5. The governments will also be making money available for training its next generation of cyber agents.

Noticia:
http://hexus.net/tech/news/software/...es-later-year/

[Jorge-Vieira]

NSA, GCHQ plan to step up cybersecurity cooperation efforts in 2015

The US National Security Agency (NSA) and British GCHQ intelligence agencies plan to step up their cybersecurity cooperation, as both governments face increasing numbers of cyberattacks. The agencies plan to launch cyber war games to test the cybersecurity of financial institutions, hoping to defend against the "biggest modern threats that we face."

image: http://imagescdn.tweaktown.com/news/...forts-2015.jpg

"We have got hugely capable cyber defenses, we have got the expertise and that is why we should combine as we are going to, set up cyber cells on both sides of the Atlantic to share information," said British Prime Minister David Cameron during a press conference.

Following mass surveillance operations detailed by former NSA contractor Edward Snowden, critics said the US and UK government should focus on beefing up cybersecurity efforts - instead of spying on citizens, residents, and foreign governments - as cyberespionage campaigns target both countries.

Noticia:
http://www.tweaktown.com/news/42893/...015/index.html

[Jorge-Vieira]

Hire a digital mercenary in minutes with Hacker's List

As the public perception of the Internet has shifted over the past decade, so too has the notion of hackers. Once thought of as top secret government agents gone rogue or misguided teens hell-bent on starting World War III, hackers and their skills are much more pedestrian these days.
So much so, in fact, that they’re now coming out of the shadows to offer their services to ordinary citizens.
A site called Hacker’s List recently went live in which people lacking the skills to carry out acts of espionage can seek out digital mercenaries to do the dirty work for them. In the three months since it’s been open, more than 500 job postings have surfaced according to a report from The New York Times.

The list of job postings range from trivial tasks like cracking a mobile game to gain an unfair advantage to hacking into a school database to change a final grade or breaking into a competitor’s database to steal their client list. Those in need are willing to pay anywhere between $10 to up to $5,000 for services rendered.
The publication notes that roughly 40 hackers have signed up to bid on services from 844 registered job posters. The site’s operators takes a cut of each completed job. Payment for a job is held in escrow until the work is complete.
As for the legality of Hacker’s List, that seems to be up for debate. Its creators claim they were advised by legal counsel on how to structure the website to avoid any liability for wrongdoing on either side. After all, is simply providing a meeting place for hackers and those interested in their service a crime?

Noticia:
http://www.techspot.com/news/59433-h...cker-list.html

[Jorge-Vieira]

North Korea's hackers seek theft, retribution against targets

Kim Jong-un became "supreme leader" of North Korea at a young age, and has shown political instability since his reign began in 2011. The North Korean government, meanwhile, has steadily invested time and resources into its Bureau 121 hacker division, aiming to compromise political rivals.

image: http://imagescdn.tweaktown.com/news/...st-targets.jpg

"In the case of the DPRK, the paranoia is amplified to the extreme," according to a commentary written about North Korea's cyberattack motivations on InformationWeek's Dark Reading. It's true that the North Korean government, which strives to maintain full control of its citizens, is suspicious of all outsiders - and launching cyberattacks to steal information has evolved into a valuable asset.

The FBI continues to say North Korea is behind the major data breach of Sony Pictures - and whether the reclusive government is responsible - foreign governments and cybersecurity companies are paying attention to Pyongyang's rising cyberattack capabilities.

Noticia:
http://www.tweaktown.com/news/42896/...ets/index.html

[Jorge-Vieira]

Hackers attack Twitter accounts, state World War III is happening

Some hackers broke into the Twitter accounts of the New York Post and the United Press International, where they said that World War III had been declared by the Pope and that the United States and China were engaged in a serious military battle.

image: http://imagescdn.tweaktown.com/news/...-happening.png

This was obviously a hoax, with both the UPI and New York Post stating their respective Twitter feeds had been hacked by 1PM on Friday, just as US President Barack Obama and UK Prime Minister David Cameron addressed the media about the concerns of cyber security, and the fact they need to increase their online defenses.

The news organizations' Twitter feeds were throwing out some really huge statements, saying that China condemning President Obama's "pivot to Asia" before firing on, and damaging the USS George Washington, which is an American aircraft carrier based in the Pacific. The hacked feeds were also spouting that the US were engaged in "active combat" against China in the South China Sea. One of the tweets read: "US Joint Chief of staff: USS George Washington damaged, US navy now engaged in active combat against Chinese vessels in South China sea". Another tweet said "JUST IN: Xi Jinping: Obama 'condemned' for Asia pivot, 'has forced China to protect its interests through military means".

The UPI had something a little different to say when their account was hacked, stating that Pope Francis had declared "World War III has begun". Quickly after they were posted, the tweets were deleted, with both news organizations acknowledging they had been hacked. Financial markets weren't affected thankfully, but the Navy did come out with a statement confirming that the USS George Washington had not been attacked. Spokesman for House Armed Services committee, John Noonan, said: "Give the hackers this much credit, the George Washington is our permanent Pacific based carrier. They at least did their homework".

Noticia:
http://www.tweaktown.com/news/42909/...ing/index.html

[Filipe]

Pirates defeating watermarks, releasing torrents of Oscar movie screeners

DRM fail: Piracy sites loaded with unprecedented number of Oscar DVD screeners.

[Jorge-Vieira]

Inside GCHQ: Cameras Given Access For the First Time

For the first time ever, GCHQ, the UK’s Government Communications Headquarters, Britain’s equivalent of the NSA, has allowed members of the media access to its offices for the first time.
Sky News and ITV were among those allowed inside, getting unprecedented images from the heart of Britain’s cyber intelligence gathering activities. Sky says that the access was granted following David Cameron’s pledge to allow surveillance personnel deeper access into the public’s communications – potentially banning end-to-end encryption used by communications services like iMessage and WhatsApp.
So I guess we can think of this as something along the lines of, “look, here’s the nice normal people who you can trust having access to your naked pictures and Viagra orders, you have nothing to worry about”.

Noticia:
http://www.eteknix.com/inside-gchq-c...ss-first-time/

[Winjer]

EU Pirate MP releases report on copyright

One of the more exciting developments in copyright law history has been taking place over the past six months. While many governments around the world champion stricter copyright controls thanks to lobbying from select groups of media conglomerates, the European Union is considering reshaping copyright law to make it more versatile in the modern age. Which is why it had German Pirate Party MEP Julia Reda, take a look at it last year and she’s now begun to release certain aspects of her report.Her task was to produce a break down of how effective the 2001 InfoSoc Directive was in addressing copyright. Of course even if it was ideally suited for the time, nearly 15 years have passed since that bill was brought in and the landscape of copyright with relation to the internet has changed dramatically.
“Although the directive was meant to adapt copyright to the digital age, in reality it is blocking the exchange of knowledge and culture across borders today,” Reda’s report reads (via TorrentFreak). In its place, she recommends a new piece of copyright legislation which “safeguards fundamental rights and makes it easier to offer innovative online services in the entire European Union.”

Reda has been active within the Pirate Party since 2009
She went on to highlight that the InfoSoc law had been brought in before social networking existed, before Youtube and many of the peer to peer sharing resources we have today. Clearly this is outdated and with many different countries pursuing their own copyright protective legislation, it’s become a bit of a spaghetti like mess of laws and loopholes.
Understandably so, Reda’s report does highlight the need for copyright protection to prevent artists being ripped off by one another or other groups, but also suggested there should be a provision for artists there are happy to release their work into the public domain. She also calls on the EU to set a maximum length for copyright to run for, thereby preventing some of the trade agreements and bills that governments like the US and UK have tried to push in recent years, which would massively extend copyright in certain situations.
The biggest potential impact from the report in terms of everyday consumers however, is that Reda wants it to be entirely legal to link through to copyright protected content. “Reference to works by means of a hyperlink is not subject to exclusive rights, as it is does not consist in a communication to a new public,” the report reads.
As a side note, the most interest in her work came from lobby groups such as the MPAA and RIAA. Curiously, Reda actually found it difficult to speak to people that these groups claim to represent.

The full report will be made available to the public as of tomorrow.

[Jorge-Vieira]

US penetrated Kim Jong-Un

Made his eyes water
The United States secretly penetrated North Korea's computer systems four years ago which was one of the reasons that Washington knows Pyongyang was to blame for the recent cyberattack on Sony.


According to a National Security Agency (NSA) document, the Times detailed how the US spy agency in 2010 "penetrated directly" into the North's systems via Chinese networks and connections in Malaysia favoured by North Korean hackers. At the time the NSA wanted to get information on Best Korea’s glorious nuclear program, the NSA's clandestine operation switched focus to the growing threat posed by North Korea's hacking capabilities following a destructive cyberattack on South Korean banks in 2013.
Hidden US software provided an "early warning radar" for North Korean activities, and provided the evidence that persuaded President Barack Obama that Pyongyang was behind the Sony hack.
US investigators concluded that North Korean hackers spent two months mapping Sony's computer systems in preparation for what became the biggest cyberattack in US corporate history.
It is not clear why the NSA was unable to warn Sony in advance, but apparently the NSA couldn’t really tell the severity of the attack that was coming.
South Korean has been telling the world that North Korea runs an elite cyberwarfare unit with at least 6,000 personnel, trained in secret government and military programs.
However experts suggest the North's cybercapacity is heavily reliant on China, in terms of both training and the necessary software and hardware.
China Unicom provides and maintains all Internet links with the North, and some estimate that thousands of North Korean hackers operate on Chinese soil.
According to South Korea's National Intelligence Service, more than 75,000 hacking attempts were made against South Korean government agencies between 2010 and September 2014—many of them believed to be from Pyongyang.

Noticia:
http://www.fudzilla.com/news/36780-u...ed-kim-jong-un

[Jorge-Vieira]

Using encryption makes you a terrorist

Spanish judge does not really get it
According to a Spanish Judge if you are encrypting your traffic you are probably a terrorist and the police can raid your home.

In December, as part of “an anti-terrorist initiative” Operation Pandora, over 400 cops raided 14 houses and social centres in Spain. They seized computers, books, and leaflets and arrested 11 people.
Four were released under surveillance, but seven were “accused of undefined terrorism” and held in a Madrid prison.
It turns out that the reasons given by the Judge Javier Gómez Bermúdez to hold seven people in jail “include the possession of certain books, ‘the production of publications and forms of communication’, and the fact that the defendants ‘used emails with extreme security measures, such as the RISE UP server’.
Riseup provides secure email services and online communication tools popular among activists and people opposed to "full pipe monitoring" in the US.
Needless to say Riseup is furious calling the move a Kafkaesque criminalization of social movements, and the “ludicrous and extremely alarming implication that protecting one’s internet privacy is tantamount to terrorism.”
Many of the “extreme security measures” used by Riseup are common best practices for online security and are also used by providers such as hotmail, GMail or Facebook.
The only difference is that Riseup is not willing to allow illegal backdoors or sell our users’ data to third parties.
Apparently the other reason the Judge kept the seven locked up is because one of them had a pdf of the Anarchist Cookbook or had read Against Democracy .
What is interesting about the raids was that the Spanish press rushed to call those arrested “criminal groups”, “terrorists” and “violent ones” and yet there was no indication that that this was the case. The police raids happened a day after the enactment of the the introduction of a restrictive law to criminalise disobedience and protest.
What is also strange is that the Bermúdez could have held the seven on charges connected to actual evidence. There was some indication that the seven were involved with destroying ATMs with homemade bombs during 2012 and 2013, but Judge Bermúdez cited the book and the use of secure email as “evidence” to apply the anti-terrorism law.
In fact, Bermúdez said he was not interested in investigating those attacks, but is more interested in the organization based on possible danger it might pose in the future.

Noticia:
http://www.fudzilla.com/news/36778-u...ou-a-terrorist

[Jorge-Vieira]

Obama sides with Cameron on cryptography stance

Barack Obama, president of the United States of America, has indicated that he largely agrees with UK Prime Minister David Cameron's suggestion that any cryptography which the security services cannot bypass should be outlawed.

Speaking at a press conference alongside Cameron, Obama claimed that 'if we get into a situation in which the technologies do not allow us at all to track somebody we're confident is a terrorist [...] and despite knowing that information, despite having a phone number or a social-media address or email address, that we can't penetrate that, that's a problem.'

'We've been in dialogue with companies and have systematically worked through ways in which we can meet legitimate privacy concerns [while monitoring communications]',' Obama added, while Cameron denied that either of the world leaders was 'trying to enunciate a new doctrine' on surveillance and cryptography in their respective countries.

The press conference comes as Cameron seeks to drum up support for his plans to end privacy in the UK by effectively outlawing any communication system featuring encryption that the national security services cannot bypass. Currently, documents leaked by whistleblower Edward Snowden have suggested that there are types of hardened cryptography - including the open-source GPG, based on Phil Zimmermann's Pretty Good Privacy - which when used properly are immune to attack.

'Cameron’s plans appear dangerous, ill-thought out and scary,' claimed privacy campaigner Jim Killock, executive director of the Open Rights Group, of the PM's pronouncement. 'Having the power to undermine encryption will have consequences for everyone’s personal security. It could affect not only our personal communications but also the security of sensitive information such as bank records, making us all more vulnerable to criminal attacks.'

'He sounded more like [FBI director and anti-encryption campaigner Jim Comey] than anything else the White House has said in the past couple of months,' the Wall Street Journal has quoted former National Security Agency general counsel Stewart Bakers as saying in response to Obama's press conference.

Thus far, Obama has not announced plans for modified laws to curb the use of hard cryptography in the US.

Noticia:
http://www.bit-tech.net/news/bits/20...with-cameron/1

[Jorge-Vieira]

Jimmy Kimmel wants you to give up your password, asks the world on TV

Jimmy Kimmel has taken to the streets of New York City to ask US citizens for their passwords, quite blatantly. What better way for the NSA to secure those passwords, than to mind control Kimmey and get him to ask for them? I jest.




It was all for a sketch obviously, where he asked the general public for their passwords, with most of the public not realizing what they had done until the last minute. I'm sure most of them would be rushing home to change their passwords straight away.

Noticia:
http://www.tweaktown.com/news/42941/...-tv/index.html

[Jorge-Vieira]

New "Skeleton Key" Malware Allows Bypassing of Passwords

Dell’s security group has discovered new malware which they named Skeleton Key that installs itself in the Active Directory and from there can logon as any user. The bad news is it’s almost undetectable at this point, but the good news is it's extremely easy to remove the malware from your computer once it is detected.

It's not all doom and gloom though. The good news is that, in its current form, the malware does not survive a system reboot.

Noticia:
http://www.hardocp.com/news/2015/01/...s#.VL0Y8y6VfS4