Ayatollah’s Website Hacked

It looks like international website defacing is on the rise. I have heard several reports over the past few days of international websites being defaced; most of these were religiously oriented sites. On CNN tonight I found out that the Web site of Iraq’s most influential Shiite cleric was hacked Friday, with the attackers’ messages saying they are Sunnis upset over fatwas, or edicts, issued on the site.

An entity called Group XP placed a video of comedian Bill Maher making fun of Ayatollah Ali al-Sistani and his advice to the Shiite faithful, as well as posting messages on the site.

The hackers said they are upset at the sexual nature of the advice given to faithful allegedly by al-Sistani through a spokesperson. Those who have studied the attack believe that the Maher video is meant to illustrate how such advice promotes mockery of Islam.

Governor Palin’s E-Mail Hack

See Added Notes Below:

There were two things that shocked me about Sarah Palin’s email account being hacked. The first was the obvious: that someone would do something so bold and absolutely crazy, ha. The other thing that really shocked me was that the Governor of a state would actually have a Yahoo email account, ha. This was the biggest shocker for me!

It is my understanding that this was her personal account and not her official business or government email account.

I was showing a friend yesterday how easy it is to locate these “brute force” password cracking applications on questionable websites and how easy they are to use to get into applications like email, etc.

Here’s an article that I found on Wired.com regarding the attack and some notes about the guy who hacked in:

A person claiming to be the hacker who obtained access to Alaska Gov. Sarah Palin’s private Yahoo e-mail on Tuesday has posted a supposed first-person account of the hack, revealing the relatively simple steps he says he took to crack the private e-mail of the Republican vice-presidential candidate.

The story was briefly posted Wednesday to the 4chan forum where the hack first surfaced. Bloggers have connected the handle of the poster, “Rubico,” to an e-mail address, and tentatively identified the owner as a college student.

As detailed in the postings, the Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.

The simplicity of the attack, of course, makes it no less illegal.

Source: Palin E-Mail Hacker Says It Was Easy | Threat Level from Wired.com
Source: Memo to US Secret Service from The Register

Added Notes: From The Register…

Updated: Memo to law enforcement investigators tracking down who broke into Sarah Palin’s Yahoo email account: Gabriel Ramuglia might be a good place to start.

The 25-year-old webmaster and entrepreneur is the operator of Ctunnel.com, the browsing proxy service used by the group that hacked into the vice presidential candidate’s personal email account and exposed its contents to the world. While he has yet to examine his logs, he says there’s a good chance they will lead to those responsible, thanks to some carelessness on their part.

“Usually, this sort of thing would be hard to track down because it’s Yahoo email, and a lot of people use my service for that,” he told El Reg in a phone interview. “Since they were dumb enough to post a full screenshot that showed most of the [Ctunnel.com] URL, I should be able to find that in my log.”

Ramuglia got into the proxy business a few years ago, after schools began blocking access to an online game site he used to co-own. Pretty soon, people began using the proxy service to access YouTube, Gmail, MySpace, and dozens of other sites that are routinely blocked by IT departments.

To prevent abuse of the service – such as the occasional bomb threat or other illegal act that’s been known to happen – Ramuglia logs each user’s IP address, along with the time and web destination. That often isn’t enough to track down people who access extremely popular websites. But in this case, the perpetrators included a whole string of random-looking characters when posting screenshots of Palin’s hacked account. That will probably be enough for him to pinpoint the proverbial needle in the haystack.

The information at the moment is on a server at a Chicago colocation site owned by FDC Servers. Logs are automatically flushed after seven days, so the clock is ticking for law enforcement, who presumably are under intense pressure to protect the privacy of a candidate for the White House. Of course, there’s always the possibility that Ctunnel.com was only one of multiple anonymization services the email hackers used to cover their tracks, but there’s only one way to find out.

Ramuglia said if he is contacted by law enforcement officials he will probably give them the information they seek. At time of writing, he’s received no inquiries from any law enforcement agencies, he said.

The breach of Palin’s account “is pretty clearly against my terms of service,” he said. “As exciting as it is to be in the news, this is not the type of activity I can encourage by any means.”

Update

Within hours of this story posting, Ramuglia received a phone call from an FBI special agent from the Anchorage, Alaska, field office.

“He just wanted to make sure I wasn’t losing the logs,” Ramuglia said, referring to the special agent. The two are scheduled to speak again soon to coordinate the turning over of the logged information.

What’s more, Wired.com has a story here detailing a now-removed post to the 4chan website in which a person claiming to be the hacker who accessed Palin’s email “used only a single proxy service to hide his IP address.” Oops.
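The Register piece above turns on one forensic point: a proxy log of IP, time and destination is a haystack when the destination is a popular webmail site, but a random-looking token that leaked in a screenshot narrows it to a handful of requests, and only if the search happens inside the seven-day retention window. The script below is an added illustration of that correlation, not Ctunnel.com's code; the one-request-per-line log format, the destination hosts, the addresses and the token `k7Qz91xP` are all constructed for the example.

```python
"""Correlate a proxy log against a URL fragment that leaked in a screenshot.

Added example, not Ctunnel.com's code. Assumed log format: one request per
line as "<ISO-8601 UTC timestamp> <client IP> <destination URL>".
"""
from datetime import datetime, timedelta, timezone

# Constructed sample log. Hosts, addresses and the token "k7Qz91xP" are made
# up; the token stands in for the random-looking characters visible in the
# posted screenshots. The last line is older than the retention window.
SAMPLE_LOG = """\
2008-09-17T13:58:02Z 198.51.100.7 http://mail.example-webmail.test/inbox?sid=Ab12Cd
2008-09-17T14:03:12Z 203.0.113.42 http://mail.example-webmail.test/inbox?sid=k7Qz91xP
2008-09-17T14:03:40Z 203.0.113.42 http://mail.example-webmail.test/read?sid=k7Qz91xP&msg=3
2008-09-17T14:05:11Z 192.0.2.200 http://video.example.test/watch?v=ZZtop
2008-09-17T14:09:55Z 198.51.100.7 http://mail.example-webmail.test/inbox?sid=Ab12Cd
2008-09-08T09:00:00Z 203.0.113.42 http://mail.example-webmail.test/inbox?sid=oldOld1
"""

# The moment the investigator runs the search (constructed).
EXAMPLE_NOW = datetime(2008, 9, 18, 12, 0, tzinfo=timezone.utc)


def parse_line(line):
    """Split one log line into (timestamp, client_ip, url); None if malformed."""
    parts = line.split(maxsplit=2)
    if len(parts) != 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts.replace(tzinfo=timezone.utc), parts[1], parts[2]


def retained_entries(log_text, now, retention_days=7):
    """Yield entries still inside the retention window; older ones are flushed."""
    cutoff = now - timedelta(days=retention_days)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry[0] >= cutoff:
            yield entry


def clients_for(log_text, needle, now, retention_days=7):
    """Map client IP -> list of (timestamp, url) for requests whose URL contains needle."""
    hits = {}
    for ts, ip, url in retained_entries(log_text, now, retention_days):
        if needle in url:
            hits.setdefault(ip, []).append((ts, url))
    return hits


if __name__ == "__main__":
    # Searching by the popular destination host alone returns several clients...
    print(sorted(clients_for(SAMPLE_LOG, "mail.example-webmail.test", EXAMPLE_NOW)))
    # ...while the token from the screenshot narrows it to one.
    print(sorted(clients_for(SAMPLE_LOG, "k7Qz91xP", EXAMPLE_NOW)))
```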

U.S. Cyberattacks?

Just reading CNN.com this morning (my morning ritual) and ran across this news report that was apparently filed earlier this morning, and I thought it was pretty interesting. This isn’t anything that those of us in the hosting industry haven’t been hearing off and on since 9/11, but given what happened to Georgia just prior to Russia’s invasion, I think that cyberattackers are something we are probably going to have to take a closer look at, especially from a security standpoint with our financial institutions and governmental clients. Here’s the story from CNN.com:

(CNN) — The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.

Instead, such an assault may be carried out in cyberspace by shadowy hackers half a world away. And Internet security experts believe that it could be just as devastating to the U.S.’s economy and infrastructure as a deadly bombing.

Experts say last week’s attack on the former Soviet republic of Georgia, in which a Russian military offensive was preceded by an Internet assault that overwhelmed Georgian government Web sites, signals a new kind of cyberwar, one for which the United States is not fully prepared.

“Nobody’s come up with a way to prevent this from happening, even here in the U.S.,” said Tom Burling, acting chief executive of Tulip Systems, an Atlanta, Georgia, Web-hosting firm that volunteered its Internet servers to protect the nation of Georgia’s Web sites from malicious traffic.

“The U.S. is probably more Internet-dependent than any place in the world. So to that extent, we’re more vulnerable than any place in the world to this kind of attack,” Burling added. “So much of what we’re doing [in the United States] is out there on the Internet, and all of that can be taken down at once.”

“This is such a crucial issue. At every level, our security now is dependent on computers,” said Scott Borg, director of the United States Cyber Consequences Unit, a nonprofit research institute. “It’s a whole new era. Political and military conflicts now will almost always have a cyber component. The chief targets will be critical infrastructure, and the attacks will emerge from within our own computer systems.”

Hackers mounted coordinated assaults on Georgian government, media, banking and transportation sites in the weeks before Russian troops invaded. Known as distributed denial of service, the attacks employ multiple computers to flood networks with millions of simultaneous requests, overwhelming servers and crippling Web sites.

Hackers shut down the Web site of the Georgian president, Mikheil Saakashvili, for 24 hours and defaced the Georgian parliament site with images of Adolf Hitler. Saakashvili blamed Russia for the attacks, although the Russian government said it was not involved.

Web sites and computer networks have been targeted by hackers for decades, although large-scale, coordinated cyberattacks are still a relatively new phenomenon. Some Internet-security experts believe that the Georgia conflict marks the first time a known cyberattack has coincided with a ground war, but others said that similar computer attacks have accompanied military operations in the Middle East and elsewhere.

The challenge to U.S. security experts is that such attacks can be mounted anonymously, and relatively cheaply, from anywhere in the world. Georgia’s attackers employed “botnets,” or malicious automated programs that take root undetected in far-flung computers and barrage their targets with useless data. By last Friday, some of those botnets were originating from Comcast Internet addresses in the United States, Burling said.

“It only takes a couple of experts; it doesn’t take a whole cyber infantry division to pull something like this off,” said Don Jackson, director of threat intelligence for SecureWorks, an Atlanta-based computer security firm. “For a very small investment in resources, you can have a huge impact.”

In the United States, government computer networks parry millions of attempted intrusions every day, Internet-security experts say. The U.S. Department of Homeland Security created a National Cybersecurity Center this year to coordinate federal cyberdefense efforts and quicken responsiveness. However, a recent Homeland Security Department intelligence report, obtained by The Associated Press, concluded that there are no effective means to prevent a coordinated attack on U.S. Web sites.

“When it comes to our government IT security, we’re pretty strong in protecting against [attacks],” Homeland Security spokesman William R. Knocke told CNN. “But I wouldn’t say … we’re 100 percent impenetrable.”

So what would a cyberattack on the United States look like? And where is the U.S. most vulnerable? It depends on who you talk to.

Borg does not believe that the U.S. is susceptible to the kind of attacks launched at Georgia.

“We can command so much bandwidth that it’s hard to overwhelm our servers,” he said. “We are vulnerable to more sophisticated attacks, but right now most of the people who want to do us harm don’t have those capabilities.”

The Web sites of key government security agencies, such as the Pentagon and the Central Intelligence Agency, are difficult to bring down, experts said. So are the computer networks of large American banks. But experts say a successful, large-scale attack on U.S. computer systems could hobble electric-power grids, transportation networks and industrial-supply chains.

“You’d see some disruption of essential services, like electricity. You’d definitely see espionage,” said James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. “Would it be decisive? No. Nobody’s going to win a conflict with the United States in cyberspace. But would it be disruptive and irritating? Yes.”

Federal researchers who launched an experimental cyberattack last year in Idaho caused a generator to self-destruct, prompting fears about the effect of a real attack on the nation’s electrical supply.

And a May report by the Government Accountability Office found that the Tennessee Valley Authority, which supplies power to almost 9 million people in the southeastern U.S., had not installed sufficient cybersecurity measures. Spokesman Jim Allen said the TVA, the nation’s largest publicly owned utility company, is “on track” to correct the problems.

What frustrates computer-security experts is that the features that make the Internet such an invaluable resource — its openness and interconnectedness — also make it easier for hackers to do harm. As a staple of 21st-century warfare, cyberattacks will become increasingly sophisticated, forcing governments and private industry to build ever-stronger firewalls and other defenses, experts said.

Also, vague international laws and a lack of accountability will continue to make tracking down and prosecuting cyberattackers difficult.

“We don’t know quite what the rules are for this kind of conflict. If it’s spying, it’s illegal. But is it an act of war? And who do you arrest?” Lewis asked. “We’re much safer [in the U.S.] than we were a year ago. But we still have a long way to go.”

U.S. at risk of cyberattacks, experts say – CNN.com

Elaborate Facebook Worm…

I was just talking to Brent Worley and he was telling me about a friend of ours who had their Facebook account hacked somehow, and they were wall posting executables, etc.

I have been pretty busy lately and hadn’t heard of anything like that out there, so I did a little research and came upon this on TechCrunch. Pretty interesting; I guess I never really gave a whole lot of thought toward malware inside of social networks, etc. If Facebook’s developers are having to deal with this, can you imagine what all is going on inside of MySpace? ha…

Update: Facebook responds to malware attacks.

Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.

The worm spreads when a compromised user’s account is used to send messages to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.

A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.

Elaborate Facebook Worm Virus Spreading

Harvard University Website Hacked

I ran into this article on the WHIR this morning and thought that it was pretty comical. Their website for their Graduate School of the Arts was compromised on Sunday, and don’t get me wrong, that part’s not funny by any means, but the comedy of this story is how they were hacked.

Apparently some of the university data files were made available on a peer-to-peer file sharing network. Some of these files contained logins and passwords for some of the systems administrators. Oops, how could something like that happen? I bet there are some folks at Harvard being asked some tough questions this morning…

Web Host Industry News | Harvard University Website Hacked

Valentine’s Day Worm Email…

I am signed up to receive alerts and security notifications from the FBI and CERT when there are potential threats to Internet and email security. This one came down today, and I have heard a lot of buzz about it the past few days, so I thought that it was worth posting a note here about it. I am not typically a fan of forwarding emails about potential viruses, etc., so I figured I would post this message here. Take heed and don’t fall victim to this thing:

Typically, by the time people get around to their email to warn friends about an email bug or virus that’s gaining widespread status, anti-virus and malware protection software providers have already pushed out updates to users’ desktop applications that will protect their subscribers from the threat. Sometimes emails are still floating around warning of viruses that are a year old, if not older, and causing a lot of unneeded distress. Sorry for the rant, but it’s one of my pet peeves. The only reason I am giving merit to this one is because it has been sent to me from two reliable sources, the FBI and the BBB (Better Business Bureau), and oh yeah, my mom forwarded me a note about it this morning. I would say that the word is probably already out on this thing. :-)

Internet Alert: St. Valentine’s Day E-Card Carries Storm Worm Virus

If you unexpectedly receive a Valentine’s Day e-card, be careful. It may not be from a secret admirer, but instead might contain the Storm Worm virus.

With the holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine’s Day has been identified as the next target.

Be wary of any e-mail received from an unknown sender.
Do not open any unsolicited e-mail and do not click on any links provided in these e-mails.
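Both alerts above describe the same shape of lure: a message whose title is built to get a click (“catched on hidden cam”, a Valentine’s Day e-card) and a link that ends in an executable download such as “codecsetup.exe”. The script below is an added illustration of triaging a message feed for those two indicators, written for this page and not Facebook’s or the FBI’s code; the message records, hosts and scoring thresholds are constructed for the example.

```python
"""Triage messages for the Facebook-worm and Storm-Worm lure patterns.

Added example; the message records, hosts and score weights are constructed
and the title phrases are the ones quoted in the two alerts above.
"""
import re
from urllib.parse import urlparse

# Title phrases taken from the two alerts on this page.
LURE_TITLES = (
    re.compile(r"catched on hidden cam", re.I),    # Facebook worm message title
    re.compile(r"valentine.{0,30}e-?card", re.I),  # Storm Worm e-card subject
)

# Constructed sample feed: id, subject/title and the links found in the body.
SAMPLE_MESSAGES = [
    {"id": 1, "subject": "LOL. You've been catched on hidden cam, yo:",
     "links": ["http://video-lure.example/watch?u=alice"]},
    {"id": 2, "subject": "Someone sent you a Valentine's Day e-card!",
     "links": ["http://ecard.example/card.php?id=77"]},
    {"id": 3, "subject": "Lunch tomorrow?",
     "links": ["http://maps.example/place/123"]},
    {"id": 4, "subject": "new plugin",
     "links": ["http://dl.example/codecsetup.exe"]},
    {"id": 5, "subject": "you were catched on hidden cam", "links": []},
]


def score_message(msg):
    """Return (score, reasons) for one message dict with keys subject and links."""
    score, reasons = 0, []
    subject = msg.get("subject", "")
    for pattern in LURE_TITLES:
        if pattern.search(subject):
            score += 2
            reasons.append("title matches known lure /%s/" % pattern.pattern)
            break
    for link in msg.get("links", []):
        parsed = urlparse(link)
        score += 1                      # any outbound link is a click target
        reasons.append("links to host %s" % parsed.hostname)
        filename = parsed.path.rsplit("/", 1)[-1].lower()
        if filename.endswith(".exe"):   # the "codec"/"Flash update" drop
            score += 3
            reasons.append("link points at an executable: %s" % filename)
    return score, reasons


def triage(messages, threshold=3):
    """Return the ids of messages whose score reaches the threshold."""
    return [m["id"] for m in messages if score_message(m)[0] >= threshold]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], score_message(m))
    print("flagged:", triage(SAMPLE_MESSAGES))
```

A lure title with no link (message 5) scores below the threshold on purpose: without a click target there is nothing to filter, which matches the TechCrunch observation that the landing site in the message is what Facebook can act on.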

Book Review: Maximum Apache Security

About a year or so ago we were working pretty hard with our server admin to harden our servers against potential threats such as remote shell executions, bots, and XSS vulnerabilities. It was a frustrating time for me because there were a lot of elements that I couldn’t get my mind around; fortunately our server admin Matt is a hoss when it comes to Apache, and that helped a whole lot. To get myself up to speed on Apache a lot better I picked up this book and really learned a lot from it. I recommend it to anyone who is thinking of getting their own server or who is tasked with managing a high end enterprise web server that runs Apache. It’s also a great reference tool that I refer back to from time to time.

Maximum Apache Security

ASIN: B000C4SQWS

FBI Investigates Ticket Site “Attack”

Ran across this article on WHIR this morning and thought that it was pretty interesting. Apparently a website operated by the Colorado Rockies that handles ticketing for their games had some issues staying online while a lot of people were trying to get tickets to the World Series games. Here is a link to Web Host Industry News | FBI Investigates Ticket Site “Attack” and an excerpt:

“We have initiated an investigation into whether or not the server [used in selling the tickets] was compromised deliberately … whether or not there was a deliberate intrusion [that] compromised the site,” said Laura Eimiller, spokeswoman for the FBI in Los Angeles, California.

The server was operated by Irvine, California-based Paciolan, the vendor for selling the World Series tickets. Eimiller says agents have contacted Paciolan officials. While she could not say whether the investigation was triggered by a complaint by the Rockies, she did mention that the FBI had received “a number of calls” regarding the site crash.

The website apparently received about 8.5 million hits that were registered in their logs or analytical suite, but the provider hosting the site / application reported that there was an external malicious attack on the site that brought it down. The FBI is looking into the issue; I’m not sure where a report on their findings will be posted, if it is at all, but this just goes to show the world that we live in these days. The article goes on to say that despite the slow processing times for ticket purchases, 50,000 tickets were sold just a few hours after launching it. Wow!

Hackers Steal Data from Monster.com

I actually heard about this yesterday on CNN. Not good at all. I haven’t been able to get any real technical details on the breach other than reports from Symantec and a few others saying that it’s a big one… Why would Monster.com be a target for hackers? I don’t get that one…

Link to Web Host Industry News | Hackers Steal Data from Monster.com

Credit card breach exposes 40 million accounts

In what could be the largest data security breach in the world to date, information on 40 million credit card accounts might have been stolen. The massive breach follows several high-profile data loss incidents that potentially exposed American consumers to identity theft. The incident also comes as the public expresses increasing concern over identity theft.

I think that something that needs to be brought to the attention of consumers is that in instances like this, it wasn’t the actual online process itself that failed; the issue came from the backend card processor that the website transmits information to for authorizing a transaction. In my opinion, the government needs to step in and enforce stronger security regulations for these processing companies. Pleth primarily uses two processing companies, three really if you want to count PayPal. We only deal with processors that we know are reputable and maintain stringent security practices.

Link to Credit card breach exposes 40 million accounts | CNET News.com