Netconclave Systems

15 Oct 2012

Twitter-scam-account-stealing

A quick and urgent warning for Twitter users: if you receive a direct message (DM) on Twitter saying "My profile was viewed..times..today" with a link, please don't click it. If you do, you run the risk of having your Twitter account hijacked and turned into a spam-spewing tweet factory, and all of your Twitter followers will be sent a personal copy of the same DM saying "My profile was viewed..times..today".

The direct message is a scam aimed at stealing your Twitter account. If any of this phishing scheme sounds familiar, it's because this scam and others like it have been going around for quite some time now. The reason is that they're all highly effective. Sure, the wording of the Twitter DMs may change periodically, but the goal of stealing your Twitter username and password stays the same.

We recommend that you:

DO NOT click the link.
DELETE that message.
REVIEW all the applications you have allowed in your Twitter profile.
REVOKE access for any suspicious applications immediately.

13 Oct 2012

“itsoknoproblembro” DDoS Toolkit Was Used in Recent Debilitating Cyber Attacks

A series of unusually large and highly sophisticated DDoS attacks that hit various organizations last month appear to have used a highly sophisticated toolkit, a tech firm said.

A distributed denial of service toolkit called "itsoknoproblembro" was behind some of the largest attacks recently, the firm said in a statement on Tuesday. The toolkit is capable of simultaneously attacking various components of a website's infrastructure and flooding the servers with sustained traffic peaking at 70 Gbps, the company said. Most mitigation providers would struggle to combat DDoS attacks with these characteristics, according to the firm.

“What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed,” said the tech firm's CEO.

Last month, a number of U.S.-based financial institutions, including Bank of America, JPMorgan Chase, PNC Bank, and others, were suspected of being crippled by powerful distributed denial of service attacks. While not all the institutions have confirmed being hit by DDoS attacks, they all experienced extremely high traffic volumes that affected the availability of their sites within days of each other. In the report, the firm did not explicitly say the toolkits were used in these banking attacks, but stuck to the vague phrase "end of quarter" attacks.

This tool has been used "in conjunction with sophisticated attack methods" that indicate the attackers are quite familiar with common DDoS mitigation methods. The toolkit includes multiple infrastructure and application-layer attack vectors, such as SYN floods, that can simultaneously attack multiple destination ports and targets, as well as ICMP, UDP and SSL encrypted attack types. These attacks often take the form of a large UDP flood targeting DNS infrastructures, according to the company.

It appears that the attacking botnet contains many legitimate IP addresses, which makes it harder to use anti-spoofing mechanisms to block the junk traffic.

The itsoknoproblembro kit doesn't appear to be widely marketed on underground forums at this time.

“The size and sophistication of this threat has created a high-alert within various industries and with good reason,”

25 Aug 2012

BackTrack 5r3 more exciting and powerful

BackTrack 5 R3 focuses on bug fixes as well as the addition of over 60 new tools.

What are the new utilities included with BackTrack 5 R3?
This is not a perfect list, but hopefully it will help you see some of the very cool new tools and programs added to BackTrack 5 R3.

The following is a list of the new tools:

>Identify Live Hosts

  dnmap – Distributed NMap
  address6 (The Second “Alive6” entry) – IPv6 address conversion

>Information Gathering Analysis

  Jigsaw – Grabs information about company employees
  Uberharvest – E-mail harvester
  sslcaudit – SSL Cert audit
  VoIP honey – VoIP Honeypot
  urlcrazy – Detects URL typos used in typo squatting, URL hijacking, phishing

>Web Crawlers

  Apache_users – Apache username enumerator
  Deblaze – Performs enumeration & interrogation against Flash remote end points

>Database Analysis

  Tnscmd10g – Allows you to inject commands into Oracle
  BBQSQL – Blind SQL injection toolkit

>Bluetooth Analysis

  Blueranger – Uses link quality to locate Bluetooth devices

>Vulnerability Assessment

  Lynis – Scans systems & software for security issues
  DotDotPwn – Directory Traversal fuzzer

>Exploitation Tools

  Netgear-telnetable – Enables Telnet console on Netgear devices
  Termineter – Smart Meter tester
  Htexploit – Tool to bypass standard directory protection
  Jboss-Autopwn – Deploys JSP shell on target JBoss servers
  Websploit – Scans & analyses remote systems for vulnerabilities

>Wireless Exploitation Tools

  Bluepot – Bluetooth honeypot
  Spooftooph – Spoofs or clones Bluetooth devices
  Smartphone-Pentest-Framework
  Fern-Wifi-cracker – GUI for testing wireless encryption strength
  Wi-fihoney – Creates fake APs using all encryption and monitors with Airodump
  Wifite – Automated wireless auditor

>A Bunch of Password Tools

  Creddump
  Johnny
  Manglefizz
  Ophcrack
  Phrasendrescher
  Rainbowcrack
  Acccheck
  smbexec

25 Aug 2012

Introduction to Hping

Hping is a tool used by VAPT and network professionals for network scanning and for crafting TCP/IP packets. It supports firewall testing and security auditing, and some of its techniques are now implemented in Nmap, one of the best scanners, which is available on various platforms.

Hping is a command-line TCP/IP packet assembler/analyzer. It isn't limited to sending ICMP requests: it supports the ICMP, UDP and raw-IP protocols, has a traceroute capability, and can send files over a covert channel.

The stuff we can do using Hping:

Firewall testing
Advanced port scanning
Network testing, using different protocols, TOS, fragmentation
Manual path MTU discovery
Advanced traceroute, under all the supported protocols
Remote OS fingerprinting
Remote uptime guessing
TCP/IP stacks auditing

hping can also be useful to students who are learning TCP/IP.

There are two versions of Hping: Hping 2 and Hping 3. With version 3, which is in alpha state, the aim is for hping to be not just a little tool but a framework for scripting TCP/IP. Hping 3 comes with two new things: the first is an engine called APD that is able to translate a simple packet description in the form of a string into a packet to be sent, and the reverse. The second is the Tcl scripting language, which makes it a scriptable TCP/IP stack.

hping2 was used (in the past) to...

Traceroute/ping/probe hosts behind a firewall that blocks attempts using the standard utilities.
Perform the idle scan (now implemented in nmap with an easy user interface).
Test firewalling rules.
Test IDSes.
Exploit known vulnerabilities of TCP/IP stacks.
Networking research.
Learn TCP/IP (hping was used in networking courses AFAIK).

Hping3 should be used to...

Write real applications related to TCP/IP testing and security.
Automated firewalling tests.
Proof of concept exploits.
Networking and security research when there is the need to emulate complex TCP/IP behaviour.
Prototype IDS systems.
Simple to use networking utilities with Tk interface.

20 Aug 2012

DNA,Pune. Article on cyber warfare

A day after Union home secretary RK Singh said that the bulk of rumours of imminent attacks on northeastern people for the killings of Muslims in Assam originated from Pakistan, experts said that this could be Pune’s first brush with cyber warfare. They also fear that all this is an indication of a major form of subversive warfare in the future.

Cyber warfare refers to politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation. Hackers and other individuals trained in software programming and exploiting the intricacies of computer networks are the primary executors of these attacks. These individuals often operate under the auspices and possibly the support of nation-state actors.

Talking to DNA, security expert Niranjan Reddy, founder and chief technology officer of NetConclave Systems and a member of Indian Cyber Police, said, “Bullets are being replaced with bytes.”

“Cyberspace is the new warfront. As August 15 was approaching, Pakistani hacker attacked Indian sites,” he added.

Reddy said that underground hacking groups had carried out systematic attacks on 100 sites, especially government ones in the past. Cyberspace, according to Reddy, is now the new battle ground for Kashmir as hackers are finding new means to demand emancipation of Kashmir by attacking various websites. These kinds of attacks can disable official websites and networks, disrupt or disable essential services, steal or alter classified data and cripple financial systems among many other possibilities.

Rohit Srivastwa, expert on cyber security, told DNA, “The use of technology is used in spreading wrong messages. Earlier, people communicated inflammatory sentiments through emails and telephones. Now, the modus operandi has changed.”

“They are circulating video clips which can move rapidly and create panic among the people at large. This cannot be ceased by the government by just banning bulk SMSes or MMSes. Efforts should be taken to thwart such processes from the beginning,” he added.

Deepak Shikarpur, chairman of the IT Committee of Mahratta Chamber of Commerce Industries and Agriculture, said, “Yes, it is the initial stage of cyber warfare and the issue is not just limited to Pune. It is a threat to the entire country.

“A decade ago, the national conference of Indian Science Congress took place in Pune. It was a big event as the prime minister and other dignitaries were part of it. Just before the event, its website was hacked and it took two days to restore the entire thing. Problem does not lie with technology alone. It’s the intention of those trying to misuse it,” he said.

“Our Information Technology Act is very strong, but we need to have a fast track court so that the conviction rate in such kind of cases increases,” he added.

“We cannot link the current issues with cyber warfare as they are more technical. However, whatever has taken place recently is a new way of utilising the social media. Earlier, brainwashing was done verbally. Now, people are playing with the technology,” an officer of the cyber cell said.

20 Aug 2012

Hackers can get sneak peek into the brain

Call this a sneak peek into the future, but it’s now possible to read your brain, or rather hack it. Researchers at the Usenix Security conference have used a commercially available BCI, or brain-computer interface, to demonstrate exactly that. The brain-computer interface’s hardware includes a headset (an electroencephalograph or EEG) with sensors which sits comfortably on your scalp, while the software processes your brain activity and tries to understand it. BCIs are generally used in medical settings along with expensive equipment, but the past few years have seen the emergence of similar, cheaper products that are commercially available, like the Emotiv BCI.

This BCI has an interface (API) that allows developers to use the BCI’s output in their own programs. The security researchers, from various renowned universities, wrote a custom program designed solely to extract sensitive data, like your credit card number, your DOB, etc. This program was then tested on 28 participants who were unaware that their brains were being hacked. The information was to be extracted using the P300 response, which is a brainwave pattern that appears when you recognize a meaningful object or activity. By analyzing these patterns and pictures, the data is dug out with great accuracy. In the real world, the researchers foresee a game in which hackers could dig out some of your sensitive information while giving you a false sense of security. And as BCIs continue to get cheaper, the chances of this happening are pretty high.

13 Aug 2012

Kaspersky Labs uncover ‘Gauss’ an Espionage Malware that hit Middle East banks

A new cyber surveillance virus was found in the Middle East that can spy on banking transactions and steal logins and passwords, according to Kaspersky Lab, a leading computer security firm.

After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It has been dubbed Gauss.

Gauss is a complex cyber-espionage toolkit. It is highly modular and supports new functions, which the operators can deploy remotely in the form of plugins. The currently known plugins perform the following:

• Intercepting browser cookies and passwords.
• Harvesting and sending system configuration data to attackers.
• Infecting USB sticks with data-stealing code.
• Listing the content of the system drives and folders.
• Stealing credentials for various banking systems in the Middle East.
• Hijacking account information for social networks, emails and IM accounts.

The researchers at Russian-based Kaspersky Labs who discovered it have named it Gauss, and say it is aimed at pinching the secret information of its intended targets, whoever they may be, stealing account information not only of customers of certain banks in Lebanon but also of customers of Citibank and PayPal. An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BlomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.

Two groups, Russian-based Kaspersky Labs, which first published information on Gauss and Flame, and the Hungarian research lab CrySyS, are detecting the malware by looking for a font called "Palida Narrow" that shows up on infected machines. Roel Schouwenberg, senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file.
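The font check described above can be automated by reading the family name stored inside each font file instead of relying on file names. This is an added example, not code from either research group or from this page; the function names are illustrative, the sample font bytes are constructed, and matching on the exact name "Palida Narrow" is an assumption based on the name given above.

```python
import struct
from pathlib import Path

TARGET_FAMILY = "Palida Narrow"  # font name given in the article (exact match is an assumption)

def font_names(data):
    """Return the family (nameID 1) and full (nameID 4) names in an sfnt font."""
    if len(data) < 12:
        raise ValueError("too short for an sfnt header")
    num_tables = struct.unpack_from(">H", data, 4)[0]
    table = None
    for i in range(num_tables):
        rec = 12 + 16 * i
        if rec + 16 > len(data):
            raise ValueError("truncated table directory")
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", data, rec)
        if tag == b"name":
            table = data[offset:offset + length]
            break
    if table is None or len(table) < 6:
        return set()
    _format, count, string_base = struct.unpack_from(">HHH", table, 0)
    names = set()
    for i in range(count):
        rec = 6 + 12 * i
        if rec + 12 > len(table):
            break  # record array runs past the table: keep what was read
        platform, _enc, _lang, name_id, length, offset = struct.unpack_from(">6H", table, rec)
        if name_id not in (1, 4):
            continue
        raw = table[string_base + offset:string_base + offset + length]
        if len(raw) != length:
            continue  # string points outside the table
        # Unicode (0) and Windows (3) platforms store UTF-16BE; Macintosh (1) is 8-bit
        codec = "utf-16-be" if platform in (0, 3) else "mac_roman"
        names.add(raw.decode(codec, errors="replace"))
    return names

def is_indicator_font(data):
    """True when the font declares the family name the article mentions."""
    try:
        names = font_names(data)
    except ValueError:
        return False  # not a parseable font, nothing to report
    return any(n.strip().lower() == TARGET_FAMILY.lower() for n in names)

def scan_font_dir(directory):
    """Return paths of .ttf files under `directory` that declare the target family."""
    return sorted(str(p) for p in Path(directory).rglob("*") if p.is_file()
                  and p.suffix.lower() == ".ttf" and is_indicator_font(p.read_bytes()))

def build_sample_font(family):
    """Constructed input: a minimal sfnt that holds only a 'name' table."""
    text = family.encode("utf-16-be")
    record = struct.pack(">6H", 3, 1, 0x0409, 1, len(text), 0)
    name_table = struct.pack(">HHH", 0, 1, 6 + len(record)) + record + text
    header = struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
    directory = struct.pack(">4sIII", b"name", 0, len(header) + 16, len(name_table))
    return header + directory + name_table
```

On Windows, installed fonts normally live under %WINDIR%\Fonts, so that is the directory to pass to `scan_font_dir`. A hit is an indicator to investigate further, not proof of infection.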

One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Kaspersky researchers said Gauss contained an “attack vector” that seeks a very specific computer system with no Internet connection and installs itself only if it finds one.

13 Aug 2012

Pakistani hackers deface Indian Southern Railways website

The website of the Southern Railways, www.southernrailway.gov.in, had been defaced, apparently by Pakistani hackers.

The group, which calls itself 'Pak Cyber Pyrates', apparently replaced the home page of the website with a page whose contents denounce India's role in Kashmir.

Indian and Pakistani hacking groups are engaged in a cyber war, with websites in both countries being regularly attacked or defaced.

2 Aug 2012

Maharashtra has emerged as the centre of cyber crime

Maharashtra has emerged as the centre of cyber crime, with the maximum number of registered cyber crime cases over the past two years, as per the recent National Crime Records Bureau report (NCRB 2011).

At the country level, the incidence of cyber crimes (IT Act and IPC) increased by 67.4% in 2011 as compared to 2010. In the city-wise breakup, Vishakhapatnam tops the chart with the maximum number of cases, followed by Bengaluru and Jaipur. Hacking with computer systems and obscene publication were the main cases under the IT Act for cyber crimes. The maximum number of offenders arrested for cyber crimes were in the age group 18-30 years.

In 2010, Maharashtra recorded 246 cases of cyber crimes (both under IT Act and IPC); the figure jumped to 393 in 2011. The figure for Andhra Pradesh was 171 in 2010 and stood at 372 in 2011.

In the city-wise breakup, Vishakhapatnam registered 126 cases (IT Act and IPC) in 2011, followed by Bengaluru at 121 and Jaipur at 96. Overall, at the city level, 1,058 cases were registered. In 2010, Pune at 58 reported the maximum number of cases, followed by Hyderabad at 56 and Bengaluru at 49.

Cyber forgery with 61.3% (259 out of total 422) and cyber fraud with 27.9% (118 out of 422) were the main cases under the IPC category for cyber crimes in 2011. Under the IT Act, hacking with computer systems with 54.8% (983 out of total 1,791) and obscene publication/transmission in electronic form with 27.6% (496 out of total 1,791) were the main cases in 2011.

In 2010, 563 people in the age group 18-30 years were arrested; the figure jumped to 883 in 2011.

Charts for visual support

Exhibit 1:

Incidence of cases of cyber crimes    2010     2011     Percentage change
All India                             1,322    2,213    67.4

Exhibit 2:

Worst performing states: Incidence of cases of cyber crimes (IT Act and IPC)

States            2010    2011
Maharashtra       246     393
Andhra Pradesh    171     372
Kerala            156     245

Exhibit 3:

Worst performing cities: Incidence of cases of cyber crimes (IT Act and IPC)

Cities            2010    2011
Vishakhapatnam    31      126
Bengaluru         49      121
Pune              58      83
Jaipur            27      96
Hyderabad         56      67

Exhibit 4: Persons arrested under cyber crimes age group

Number of persons arrested under age group 18-30 years    2010    2011
All India                                                 563     883
28 Jul 2012

Android malwares learn new tricks

Security researchers testing Google's Bouncer malware detection system for Android apps have managed to submit a harmless-looking app and then update it to add malicious functionality.

After Google launched its Bouncer system to protect apps in the Google Play Android market in February, the researchers wanted to see if they could turn a good app that was already in the system into something malicious without triggering the Bouncer malware alarm system. They were successful.

First they created an app designed to let users block text messages from specific numbers, known as an SMS blocker. Once the app was in the market and available for public download, the researchers updated it numerous times to add functionality that was totally unrelated. None of these updates triggered Bouncer because the researchers used a method that masked the functionality changes from Bouncer, the researcher said. "We used a technique that allowed us to pull a trick over Bouncer."

So their app, which they are refusing to identify, started off as a simple SMS blocker and was updated incrementally to access all sorts of data on the device and even to turn the phone into a zombie for use in various malicious attacks.

"The last version in the store allowed us to steal all end user photos, contacts, phone records, SMS messages, and we can hijack a person's device and direct the device to visit a malicious Web site." "The last functionality in the app allowed us to define a location for the mobile device to go and launch a DDoS against a target."

Eventually, the researchers updated the app and removed the technology that had hidden the malicious functionality. At that point, Bouncer detected it as malicious and pulled it from the market.
