Saturday 27 February 2016


Israeli Power Grid Authority Suffers Massive Cyber Attack




Israel, the country that built a "Digital Iron Dome", has undergone one of its largest and most serious cyber attacks this year.

This time, Israel is in the headlines for a massive cyber attack launched against the network of the nation's Electrical Power Grid Authority.

"Yesterday we identified one of the largest cyber attacks that we have experienced," Energy Minister Yuval Steinitz confirmed at the CyberTech 2016 Conference at the Tel Aviv Trade Fair and Convention Center on Tuesday, according to an article published by The Times of Israel.
"The virus was already identified and the right software was already prepared to neutralize it," Steinitz added. "We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over...but as of now, computer systems are still not working as they should."

Severe Cyber Attack on Israel Electricity Infrastructure


The 'severe' attack occurred earlier this week, while Israel was undergoing record-breaking electricity consumption over the last two days, with a demand of 12,610 Megawatts due to the freezing temperatures, as confirmed by the Israel Electric Corporation.

However, officials did not comment on the perpetrators, as they do not currently suspect anyone, but they did tell the Israeli newspaper Haaretz that '[they] are going to solve this problem in the coming hours.'

In mid-July 2015, Israel's National Cyber Bureau had already warned about computer-based hacking attacks, which shut down portions of the country's electricity grid.

The identity of the suspects behind this attack is not known, nor has the energy ministry provided any details about how the attack was carried out.

However, a spokesperson for Israel's Electricity Authority confirmed some of its computer systems had been shut down for two days due to the cyber attack.

Previous Known Cyber Attacks on SCADA Systems


Israel has been a continual victim of many previous cyber attacks, such as OpIsrael (a coordinated attack by anti-Israeli groups and Palestinians), which was conducted on 7th April 2013, on the eve of Holocaust Remembrance Day, with the goal of "Erase Israel from Internet."

Another attack, on Israeli civilian communications, was carried out by Iran and the Hezbollah group last year.

In response to these attacks, Israel has broadened its skills to combat cyber war and has become a center for cybersecurity R&D labs, with multinationals from the US, Europe, and Asia. Israeli cyber security firms claimed to have exported $3 billion last year.

A similar power outage took place a couple of months back in Ukraine, on 23rd December, when the country's SCADA system was hit with a trojan named BlackEnergy, resulting in a total power cut across the Ivano-Frankivsk region of Ukraine.

This Article has been written by our editorial intern. Special Thanks to Rakesh Krishnan for covering this article.


Hackers caused power cut in western Ukraine - US


A power cut in western Ukraine last month was caused by a type of hacking known as "spear-phishing", says the US Department of Homeland Security (DHS).

The attack caused a blackout for 80,000 customers of western Ukraine's Prykarpattyaoblenergo utility.
Experts have described the incident as the first known power outage caused by a cyber attack.
Ukraine's state security service has attributed the attack to state-sponsored hackers from Russia.
DHS said the "BlackEnergy Malware" used in the attack appears to have infected Ukraine's systems via a corrupted Microsoft Word attachment.


The same code was detected in 2014 within systems at US facilities but there was no known successful disruption to the US grid.

What is spear-phishing? Jane Wakefield, BBC Technology
There are lots of sophisticated ways that hackers can break into systems but often the most effective ones are the simplest. Spear-phishing is a highly targeted attack aimed at specific individuals or groups within an organisation and it works because it is trading on human curiosity and vulnerability - simply asking someone to open an email.
That email, once opened, will either contain an attachment or a link to a website - which may appear perfectly legitimate but will in fact contain malware.
Often the hacker may have personal information about the target to make the email more believable - it may refer to the target by name for example.
The malware allows the computer to be taken over remotely. The user may be none the wiser - often hackers provide a decoy document that will hide any malicious activity.

Crimea, the region annexed from Ukraine by Russia, has suffered repeated power cuts since Russia seized the territory in March last year. Russia has blamed pro-Ukraine saboteurs for the outages.
Independent analysts have linked the recent spear-phishing attack to Russia. iSight Partners, a US security firm, said the probable culprit was the so-called "Sandworm Team", a Russian hacking group it has been tracking for more than a year.
"We have linked Sandworm Team to the incident, principally based on BlackEnergy 3, the malware that has become their calling card," John Hultquist, director of cyber espionage analysis at iSight Partners, said in a blog post.
A report released by Washington-based SANS Inc over the weekend concluded that hackers had probably caused Ukraine's six-hour outage by remotely switching breakers in a way that cut power.
The attackers are also believed to have spammed the Ukrainian utility's customer-service centre with phone calls in order to prevent real customers from highlighting the issue.

Backdoor in Baidu Android SDK



China's Google-like search engine Baidu is offering a software development kit (SDK) that contains functionality that can be abused to give backdoor-like access to a user's device, potentially exposing around 100 million Android users to malicious hackers.

The SDK in question is Moplus, which may not be directly available to the public but has already made its way into more than 14,000 Android apps, of which around 4,000 are actually created by Baidu.

Overall, more than 100 Million Android users, who have downloaded these apps on their smartphones, are in danger.

Security researchers from Trend Micro have discovered a vulnerability in the Moplus SDK, called Wormhole, that allows attackers to launch an unsecured and unauthenticated HTTP server connection on affected devices, which works silently in the background, without the user's knowledge.

This unsecured server does not use authentication and can accept requests from anyone on the Internet. An attacker who can reach this hidden HTTP server can therefore send requests to its port to execute malicious commands.

Malicious Functionalities of Wormhole


Currently, the researchers have identified that the SDK uses port 6259 or 40310 to perform malicious activities on affected Android devices, which include:
  • Send SMS messages
  • Make phone calls
  • Get mobile phone details
  • Add new contacts
  • Get a list of local apps
  • Download files on the device
  • Upload files from the device
  • Silently install other apps (if the phone is rooted)
  • Push Web pages
  • Get phone's geo-location, and many more
Since the SDK automatically installs the Web server when a Moplus SDK app is opened, hackers just need to scan a mobile network for port 6259 or 40310, thereby finding vulnerable devices they can abuse.

Wormhole is More Dangerous than Stagefright 

The vulnerability, according to researchers, is potentially easier to exploit than the Stagefright flaw, as Wormhole doesn't require social engineering to infect an unsuspecting user.
Trend Micro has also found at least one malware strain (detected as ANDROIDOS_WORMHOLE.HRXA) in the wild that takes advantage of Wormhole in Moplus SDK.
Researchers informed both Baidu as well as Google of the vulnerability.

As a result, Baidu has just pushed a partial fix for the problem by releasing a new version of the SDK that removed some of the SDK's functionality, but not all. The HTTP server remains online and active; however, Baidu assured its users that no backdoor exists now.


This isn't the first time a Chinese company has been caught distributing a malicious SDK. Just a few days ago, the Taomike SDK – one of the biggest mobile ad solutions in China – was caught secretly spying on users' SMS messages and uploading them to a server in China.

The same malicious functionality was also discovered two weeks earlier in another SDK, developed by Youmi, which affected 256 iOS apps that were caught using private APIs to collect users' private data. Apple eventually banned those apps from its App Store.

Chinese ISPs Caught Injecting Ads And Malware


China has gained considerable global attention for its Internet policies in past years, whether by introducing its own search engine, "Baidu", the Great Firewall of China, its homebrew China Operating System (COP), and many more.

Along with the developments, China has long been criticized for suspected backdoors in its products: Xiaomi and Star N9500 smartphones are top examples.

Now, Chinese Internet Service Providers (ISPs) have been caught red-handed injecting advertisements as well as malware into their network traffic.

Three Israeli researchers uncovered that the major Chinese-based ISPs named China Telecom and China Unicom, two of Asia's largest network operators, have been engaged in an illegal practice of content injection in network traffic.

Chinese ISPs had set up many proxy servers to pollute clients' network traffic, not only with insignificant advertisements but, in some cases, with malware links inside the websites they visit.

If an Internet user accesses a domain whose traffic passes through these Chinese ISPs, a forged packet makes the user's browser follow the rogue content instead. As a result, the client's legitimate traffic is redirected to malicious sites or ads, benefiting the ISPs.

Here's How Malware and Ads are Injected

In the research paper titled 'Website-Targeted False Content Injection by Network Operators,' the Israeli researchers wrote that the tactic has now expanded to core ISPs – the Internet companies that interconnect edge ISPs with the rest of the ISPs globally.

These ISPs have set up specialized servers that monitor network traffic for specific URLs and alter it, whether or not the end users are their customers.

Methods of Injection:

ISPs have adopted various methods to infiltrate legitimate traffic. Some of them are:

1) Out of Band TCP Injection

Unlike in the past, when ISPs modified network packets to inject ads, the network operators now send forged packets without dropping the legitimate ones.

Interestingly, instead of intercepting or rewriting network packets, ISPs clone HTTP response packets to perform the injection. The ISP clones the legitimate traffic, modifies the clone, and then sends both packets to the destination.

So ultimately, two response packets are generated for a single request. There is therefore a chance that the forged packet wins the race while the legitimate packet arrives last.

Since the cloned traffic will not always arrive at the end user before the legitimate one, the injected traffic is harder to detect.

But a careful analysis with netsniff-ng would expose the fake packets.

2) HTTP Injection

HTTP is a stateless client-server protocol that uses TCP as its transport. As TCP accepts the first packet it receives for a given sequence number and discards the later duplicate, there is a chance that the fake packet is the one received first, if an injection has taken place.

Here, the user might get a response with HTTP status 302 (Redirection) instead of HTTP status 200 (OK) and would be re-routed to other, non-legitimate links.

How to Identify Rogue Packets?

1) IP Identification

The IP identification field contains a counter that is incremented sequentially after each packet sent.

The forged packet arrives soon after the request is made, masquerading as a legitimate packet, but the time stamp of each packet provides enough evidence to eliminate the rogue one.

The forged packet is the one that has the largest absolute difference between its identification value and the average of the identification values of all the other packets.

2) TTL (Time to Live)


Each received packet contains an initial value set by the sender, from which the number of hops covered by the packet during transmission can be derived.

If a packet is received with a different hop count, it clearly draws a line between the legitimate and illegitimate ones.

The forged packet is the one that has the largest absolute difference between its TTL value and the average of the TTL values of all the other packets.

3) Timing Analysis


The time stamp of each packet captured by the monitoring systems at the entrance to the edge network reveals which packets are genuine.

Packets whose arrival times are in close proximity are the legitimate ones; the forged packet stands out by its unmatched arrival time.
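The three checks above, carried out over the response packets of a single TCP session, as an added example (not code from the research paper or from this article). It assumes the capture has already been reduced to one session's response packets with their TCP sequence number, IP ID, TTL and arrival time, and it applies the same largest-deviation-from-the-mean rule to arrival times as the article states for IP ID and TTL, which is an assumption; the packet records are constructed samples.

```python
"""Single out an out-of-band injected HTTP response among the response packets
of one TCP session, using the three checks described above: IP identification
outlier, TTL outlier and arrival-time outlier.  Added example, not code from
the paper or the article; the packet records at the bottom are constructed."""
from collections import Counter
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Packet:
    seq: int      # TCP sequence number of the segment
    ip_id: int    # IP identification field
    ttl: int      # TTL as seen at the capture point
    ts: float     # arrival time in seconds after the client's request left


def racing_sequences(packets):
    """Sequence numbers carried by more than one packet.  A cloned response
    races the legitimate one under the same sequence number, so a duplicate
    is the first sign that an injection attempt is present in the session."""
    counts = Counter(p.seq for p in packets)
    return sorted(s for s, n in counts.items() if n > 1)


def _outlier(packets, key):
    """Index of the packet whose value differs most from the mean of all the
    other packets' values.  This is the rule the article gives for IP ID and
    TTL; applying it to arrival time as well is an assumption made here."""
    if len(packets) < 2:
        return None
    best, best_diff = None, -1.0
    for i, p in enumerate(packets):
        others = [key(q) for j, q in enumerate(packets) if j != i]
        diff = abs(key(p) - mean(others))
        if diff > best_diff:
            best, best_diff = i, diff
    return best


def ipid_outlier(packets):
    """IP ID check: the server's IDs climb sequentially, the injector's do not."""
    return _outlier(packets, lambda p: p.ip_id)


def ttl_outlier(packets):
    """TTL check: the injector sits a different number of hops away."""
    return _outlier(packets, lambda p: p.ttl)


def timing_outlier(packets):
    """Timing check: legitimate segments arrive as a tight burst; the clone
    that won the race arrived on its own, well before them."""
    return _outlier(packets, lambda p: p.ts)


def suspected_forgery(packets):
    """Index of the suspected forged packet when at least two of the three
    checks agree on it, otherwise None."""
    if len(packets) < 2:
        return None
    votes = Counter([ipid_outlier(packets), ttl_outlier(packets),
                     timing_outlier(packets)])
    idx, n = votes.most_common(1)[0]
    return idx if n >= 2 else None


# Constructed sample session: five segments of a genuine response plus one
# clone of the first segment that arrived earlier with a stray IP ID and TTL.
SAMPLE_SESSION = [
    Packet(seq=1,    ip_id=5120,  ttl=43, ts=0.041),  # the clone
    Packet(seq=1,    ip_id=30211, ttl=51, ts=0.118),
    Packet(seq=1461, ip_id=30212, ttl=51, ts=0.119),
    Packet(seq=2921, ip_id=30213, ttl=51, ts=0.119),
    Packet(seq=4381, ip_id=30214, ttl=51, ts=0.120),
    Packet(seq=5841, ip_id=30215, ttl=51, ts=0.121),
]

if __name__ == "__main__":
    print("racing sequence numbers:", racing_sequences(SAMPLE_SESSION))
    print("suspected forged packet index:", suspected_forgery(SAMPLE_SESSION))
```

On the sample session all three checks point at the same packet; on a real capture a disagreement between them is itself worth a closer look at the session.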

List of the Infection Groups

In general, 14 different ISPs were discovered engaging in this malicious behaviour; of these, 10 are from China, 2 from Malaysia, and 1 each from India and the United States.




Following are the injection groups and their characteristics:

1. Hao – Referred the user to hao123.com itself, but using an HTTP 302 response mechanism to infect users.

2. GPWA – The genuine gambling website had been forged to another web domain that cleverly redirects the traffic to 'qpwa' (the public would often not notice the difference between 'q' and 'g').

The forged content here includes a JavaScript that refers to a resource having the same name as the one originally requested by the user, but the forged resource is located at qpwa.org registered to a Romanian citizen.

3. Duba Group – The injections in this group add to the original content of a website a colorful button that prompts the victim to download an executable from a link at the domain duba.net.

The executable is flagged as malicious by several antivirus vendors.

4. Mi-img – In these injected sessions, the client, which appears to be an Android device, tries to download an application. The redirected response leads to an address that a BotScout lookup identified in its online bot database.

5. Server Erased – In this group, the injections were identical to the legitimate response but the original value of the HTTP header 'Server' is changed.

Motive Behind the Attack

Both the advertising agencies and the ISPs benefit from redirecting users' traffic to the corresponding sites.

This practice increases advertisement revenue and other profits for advertisers and ISPs.

During their research, the researchers logged massive amounts of Web traffic and detected around 400 injection incidents based on this technique.

Most of these events happened with ISPs in China and far east countries, even if the traffic originated from Western countries, meaning a German user accessing a website hosted in China is also susceptible to having his/her traffic injected with ads or malware.

How to Mitigate?

Since the companies that engage in such practices are edge ISPs - the final network providers that connect users to the Internet, users can change their Internet provider.

However, the simplest way to combat this issue is for website operators to support HTTPS for their services, as all the websites that infect users are SSL-less.

The sites that serve the injected malicious URLs are not protected by SSL, which is what makes it possible to tamper with them in transit.

Therefore, usage of HTTPS-based websites would block such kinds of attacks, so users are advised only to stick to SSL sites.

Delivering illegitimate content, or redirecting the crowd to make money, will end up losing the public's trust in the technology.

Friday 12 February 2016

Tips & Tricks: 6 ways to keep your Facebook account clean, secure and private
Got hundreds of Facebook friends you hardly know? Now is a good time to do some digital cleanup, while the year is still fresh.

Review your security and privacy settings, and make sure those casual acquaintances you met at a bar eons ago aren't still getting the most intimate details of your life. Get rid of games and apps that might have latched onto your account years ago, but that you no longer use.

Here are six cleanup tips:

1. Secure your account

You've doubtless heard you should have a strong password. It's especially important for email and social-networking accounts because so much of your digital life revolves around them. Plus, many other services let you log on using your Facebook account, so if that gets compromised, so will your other accounts.

Because passwords are tough to manage, it's best not to rely solely on them. Turn on what Facebook calls Login Approvals. It's in the account settings under "Security." After you do so, you're asked for confirmation — entering a special number sent to your phone — when signing on from a new device.

Unless you switch devices often, this is something you set up once and forget about. And no one else can log in with your password unless they also have your phone and that special number.

2. Review your privacy settings

Facebook offers a series of quick privacy "shortcuts." On desktops and laptops, look for the small padlock on the upper right corner of the browser. On Apple and Android devices, access shortcuts through the menu — the three horizontal bars.

The key shortcut is "Who can see my stuff?" See whether you've been inadvertently broadcasting your musings to the entire Facebook community. You'll probably want to at least limit sharing to "Friends" rather than "Public," though you can customize that further to exclude certain individuals or groups — such as co-workers, acquaintances or grandparents. When sharing, remember that less is more.

While you're at it, check "Timeline and Tagging" in your account settings from a PC or mobile. You can insist on approving posts that people tag you in. Note that this is limited to what appears on your personal timeline; if Mary tags you in a post, Mary's friends will still see it regardless of your settings. That includes friends you may have in common with her.

If you're on a desktop or laptop, Facebook has a Privacy Checkup tool to review your settings. Look for that padlock. This tool is coming soon to mobile.

3. Make enemies... or at least unfriend some

Purge friends you're no longer in touch with. If you think "unfriending" is too mean, add them to an "Acquaintances" or "Restricted" list instead. "Acquaintances" means they won't show up in your news feed as often, though they'll still have full access to any posts you distribute to your friends. "Restricted" means they'll only see posts you mark as public. Either is effectively a way to unfriend someone without dropping any clues you've done so.

You can also create custom lists, such as "college friends" or "family." This is great for oversharing with those who'll appreciate it, while not annoying everyone else you know and putting yourself in danger of becoming an "acquaintance" yourself. You can create lists on a traditional PC by hitting "More" next to "Friends" to the left of your news feed. Individuals can be in multiple groups. Capabilities are limited on mobile devices, although changes you make on the PC will appear on your phone or tablet.

4. Watch those apps

Perhaps someone invited you to play a game a few years ago. You tried it a few weeks and moved on, yet the app is still getting access to your data. Or perhaps you've used Facebook to log onto a service you no longer use, such as one to track the 2014 Winter Olympics. It's time to sign out. If you're not sure you still use it, drop it anyway. You can always sign on again.

The Privacy Checkup tool on PCs will review apps for you automatically. On mobile devices, look for "Apps" in the account settings (not "Apps" in the main menu).

A related option is the Security Checkup tool. It's an easy way to log out of Facebook on devices you rarely use. You can also enable alerts when someone tries to sign on from a new device or browser. To run this, go to http://Facebook.com/securitycheckup on a PC. On the Android app, you can search for "security checkup" in the Help Center. On iPhones and iPads, you'll have to find the options individually in the account settings under "Security."

5. Control your data

You can exert some influence over whose posts you see more or less often by going to "News Feeds Preferences." The setting is on the top right on browsers and Android apps and on the lower right on iPhones. Here, you can select friends who'll always show up on top, or hide someone's posts completely.

Finally, if you're worried about data usage, you can stop videos in your news feeds from playing automatically. On Android, go to "Autoplay" in the "App Settings." On iPhones, it's in the account settings under "Videos and Photos."

6. Plan ahead

Two settings might eliminate grief later in life ... or death.

In the security settings, you can designate certain friends as trusted contacts. They'll have power to help you if you get locked out of your account for some reason. You can also designate a "Legacy Contact" — a family member or close friend who'd serve as your administrator should you, um, make your last status update (as in, ever).

They won't be able to post on your behalf or see your messages, but they'll be able to respond to new friend requests and take a few additional actions on your deceased behalf.



Friday 5 February 2016

What is Hacking

In the cyber security world, a person who is able to discover a weakness in a system and manages to exploit it to accomplish his goal (good or bad) is referred to as a "hacker", and the process is referred to as hacking.

Nowadays, people think that hacking is only hijacking Facebook accounts or defacing websites. Yes, that is also part of the hacking field, but it doesn't mean that it is all there is. This is not even the tip of the iceberg.

So what exactly is hacking, and what should you do to become a hacker? That is exactly what this app is for. The only thing you need to become a hacker is interest and dedication. You should always be ready to learn something new and to create something newer.

Hacking is the practice of modifying the features of a system, or finding a loophole, in order to accomplish a goal outside of the creator's original purpose.

Due to the mass media attention given to the so-called "black hats" or "crackers", the reputation of all hackers, even the good ones, has been damaged. That is what this blog is for: to turn the image around. Hacking is always viewed as something shrewd and illegal. This is almost never the case. A few bad guys doing a few bad things have given a bad name to the entire community. This doesn't have to be so, which is why I've made this blog.

The Good:

The question remains: is government surveillance good or bad? Critics would say that surveillance has the potential of creating a lot of good for the country. And while whistle-blowers tend to demand full transparency from the government, there may be times when quiet surveillance is needed and warranted and times when it is just an unnecessary invasion of privacy. The government says surveillance is important for catching terrorists and protecting ‘national interest’, whatever that means.

Well, won’t it be in the ‘national interest’ of a country to, say, take over the world? In my opinion, they should start by giving remotely useful answers. Anyways, say the US government had received surveillance on the 9-11 bombers and had been able to remove that threat; it would have definitely saved thousands of lives. That makes surveillance look quite important on paper, in practice not so much. We will probably never know how many similar instances are or were stopped by government surveillance. While it tends to infringe on our freedoms at times, it is still arguably necessary in the right circumstances, however few they may be. That is the only ‘good’, and unless the government can walk this fine line, it’s going to be terribly wrong.

Let’s take an example: say a lot of internet traffic from all over the world passes through one country. Does that mean that country has the right to tap every line and go through millions of private messages to see if they can spot a terrorist? First of all, this takes a thick wallet (not to mention forgetting the constitution). The country needs to decide whether this money could be used elsewhere. No matter what the pros and cons, it just comes down to whether or not they are willing to sacrifice the population’s privacy to protect them, and whether or not they are willing to do something bad to protect against something worse. And that’s the main problem: we can’t say yes to surveillance because that would mean a direct invasion of privacy for the entire population, and we can’t say no because it does have a very real potential to be quite useful in some situations. For example, Osama Bin Laden’s location was found after a decade of search, through satellite surveillance and some undercover ground missions. We’ll be circling the same stuff over and over again when it comes to government surveillance. It’s good only when done EXACTLY right. Keeping the citizens aware of at least the outlines of any surveillance program should be step 1.

Come to think of it, eventually an average person won’t care if some fat old government official is reading his emails. But that’s because the average person doesn’t discuss ways to crash a plane into a building, and the government will probably not find anything useful, so it’s not even worth looking into. All in all, are we willing to neglect the possibility that a major terror incident may be prevented because of government surveillance? You decide.

(Although terrorists probably don’t discuss terror tactics on Facebook or Gmail, their messages, if any, go through the same internet wires as any normal messages. Perhaps they use TOR email services, not that I would know. Anyways, these can be tapped and the messages can be decrypted, which may provide the government valuable intel.)

The Bad:

Obviously, government surveillance is not all good and causes many problems for the people. The first major concern is the fact that government surveillance may limit the creation of new and controversial ideas amongst the people. This is a direct hit on the intellectual freedom of the people. The next thing we need to realize is the shift of power that government surveillance creates.
Say, some government official leaks information that clearly indicates that the ruling party is planting false ideas and facts against the opposition party, isn’t this crossing the line? Perhaps they may even be paying large and trusted facebook groups to spread false facts that favour their own party. Although there is no evidence to support this possibility, there’s no evidence against it either.

The advancements in technology have also made it very easy for government agencies to abuse the power of surveillance. This technology, when used in the wrong manner, could become detrimental to the freedoms that we enjoy and love. Enabling government surveillance will mean a direct invasion of our privacy.

News Feed

A few months back, Microsoft impressed the world with its 'Microsoft loves Linux' announcements, including the development of a custom Linux-based OS for running Azure Cloud Switch and the selection of Ubuntu as the operating system for its cloud-based Big Data services.

Now, a renowned Windows Hacker and computer expert, who goes by the name ‘WalkingCat’, discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed inside.

Project Astoria, also known as Windows Bridge for Android, is a toolkit that allows running Android apps on Windows 10 Mobile devices.
The naming convention of the newly discovered files is very similar to that of the Android Subsystem files from Project Astoria, i.e. ADss.sys.

So, the "LX" in these names can only be taken to mean one thing, and that is LINUX, which suggests that Windows 10 will also have access to a Linux subsystem.

Why a Linux Subsystem?

Since Windows 10 has been introduced as a universal operating system for all devices, it might be possible that Microsoft wants to expand Project Astoria from mobile devices to desktop users.
If this turns out to be true, adding a Linux subsystem would be beneficial if Microsoft has plans to offer support for Linux applications, especially server-related technology and software.

Isn't this exciting?