Category: Hacker

“Rivolta” gives an insight into the Exploits of a 15-year-old “Elite” Hacker named Michael ‘MafiaBoy’ Calce, who had taken down the websites of some of the largest companies.

Michael “MafiaBoy” Calce was just 15 years old. During his Exploit days, prior to being arrested, he had taken down the websites of some of the largest companies in the world, causing an estimated $1.7 billion in losses. He realized the depth of what he had done, after watching a news program where then President Clinton spoke about what “Mafiaboy” had done.

This video: “Rivolta: Inside the Mind of Canada’s Most Notorious Hacker” was produced by HP Canada. “Rivolta” was directed by Hubert Davis.

In one way this young person was extremely curious and yet his educators did not pick-up on that, so he sought out info elsewhere. In one part of the video, Michael Calce talked about taking a computer programming class in Pascal, but showed his instructor that he could code the course examples in far more powerful and complex “C Language“.

How many other genius kids who have the inner desire to learn, are also being missed by their Educators? Yes, this video is about the Exploits of a 15-year-old “Elite” Hacker, but it is also about an Educational System which in my opinion failed this young lad.

Video is courtesy of the HP Canada YouTube channel

Advertisements

Dropbox Mega-Breach confirmed.

Over 60 million email addresses and passwords were hacked from Dropbox years ago. That data is floating around the folks on DarkNet. It is older and apparently not being marketed, yet some hacker have it. Even though the breach happened years back, the data still has value. People often rarely change their password. Similar Mega Breach data from prior breaches at LinkdIn and Tumblr, was being bought, sold and traded on DarkNet markets.

Click on this Link to visit the Motherboard site to read their post about Hackers stealing account data on tens of millions Dropbox users.

Click on this Link to visit Troy Hunt’s site. He was sent the hacked data from a supporter of “Have I Been Pwned?” site. Troy then found his own account data and also his wife’s account data and proceeded to confirm that the Dropbox Mega-Breach was real.

Video courtesy of the Fox Business YouTube channel

Click on this Link to visit theguardian newspaper website to read their post titled “Dropbox hack leads to leaking of 68m user passwords on the internet

Change your passwords often.
Use random numbers, letters and special characters,
for greater security.

Click on this link to view other CyberSecuirty related posts found on Uniquely Toronto.

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

HORNET, the alternative to Tor Network

When we think about surfing the Internet, most people are looking at just the top of the network iceberg. When in fact, the web actually holds a “Deep Web,” hidden from everyday users and ordinary browsers. This is due to the Deep Web continuously encrypting …

Source: HORNET, the alternative to Tor Network

 

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Major Bank Heist using SWIFT. Hackers tranferred over $950 Million and got away with $81 Million

The link above is to a Financial Post article on Cyber Security by Martin Arnold

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

“Hack The Pentagon”. The Department of Defense, in the USA, announced Cybersecurity Initiative.

The following is the official News Release about the DoD’s Cybersecurity Initiative titled”Hack The Pentagon“.

Statement by Pentagon Press Secretary Peter Cook on DoD’s “Hack the Pentagon” Cybersecurity Initiative

Press Operations

Release No: NR-070-16
March 2, 2016

PRINT | E-MAIL

The Department of Defense announced today that it will invite vetted hackers to test the department’s cybersecurity under a unique pilot program.  The “Hack the Pentagon” initiative is the first cyber bug bounty program in the history of the federal government.

Under the pilot program, the department will use commercial sector crowdsourcing to allow qualified participants to conduct vulnerability identification and analysis on the department’s public webpages.  The bug bounty program is modeled after similar competitions conducted by some of the nation’s biggest companies to improve the security and delivery of networks, products, and digital services. The pilot marks the first in a series of programs designed to test and find vulnerabilities in the department’s applications, websites, and networks.

Participants in the bug bounty will be required to register and submit to a background check prior to any involvement with the pilot program.  Once vetted, these hackers will participate in a controlled, limited duration program that will allow them to identify vulnerabilities on a predetermined department system.  Other networks, including the department’s critical, mission-facing systems will not be part of the bug bounty pilot program.  Participants in the competition could be eligible for monetary awards and other recognition.

This innovative project is a demonstration of Secretary Carter’s continued commitment to drive the Pentagon to identify new ways to improve the department’s security measures as our interests in cyberspace evolve.

“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter.  “Inviting responsible hackers to test our cybersecurity certainly meets that test.  I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”

The “Hack the Pentagon” initiative is being led by the department’s Defense Digital Service (DDS), launched by Secretary Carter last November.  The DDS, an arm of the White House’s dynamic cadre of technology experts at the U.S. Digital Service, includes a small team of engineers and data experts meant to improve the department’s technological agility.

“Bringing in the best talent, technology and processes from the private sector not only helps us deliver comprehensive, more secure solutions to the DoD, but it also helps us better protect our country,” said DDS Director and technology entrepreneur Chris Lynch.

This initiative is consistent with the administration’s Cyber National Action Plan announced on Feb. 9, which prioritizes near-term actions to improve our cyber defences and codifies a long-term strategy to enhance cybersecurity across the U.S. government.

The pilot program will launch in April and the department will provide more details on requirements for participation and other ground rules in the coming weeks.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial
www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Latest version of Windows 10 may have a Linux subsystem secretly installed inside.

Image of Linux Penguin called Tux By Larry Ewing, Simon Budig, Anja Gerwinski

Linux Penguin called Tux By Larry Ewing, Simon Budig, Anja Gerwinski

“Renowned Windows Hacker and computer expert, who goes by the name ‘WalkingCat’, discovered that the latest version of Windows 10 may have a Linux subsystem secretly installed inside.”

 

 

Posted by: Vincent Banial
www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. Many moons ago I had worked with someone named “Wang Wei”, not sure if it was the same person as the author of The Hackers News post

Cybersecurity For Dummies available for legal download, at no charge from cybersecurity firm Palo Alto Networks

Palo Alto Networks is a Cybersecurity firm which creates Enterprise level solutions from Firewalls to full Endpoint Protection.I had previously written about Palo Alto Networks and the work of their Unit 42 Experts who broke the story, back in November 2014, about the WireLurker Apple IOS and OSX Family of Malware.

Chinese authorities had arrested a number of individuals and shut down the WireLurker Command and Control Server just ten days after Palo Alto Networks released their findings.

Last weekend we focused on Cybersecurity issues. Many visitors to this site may not be fully versed in Cybersecurity issues. In that vein, I wanted to let you all know that Palo Alto Networks is allowing the legal download of Cybersecurity for Dummies. It discuss APTs (Advanced Persistent Threats) to the Enterprise Network. Old solutions no longer work. A layered approach of new solution is detailed.

Click on this line to visit the Palo Alto Networks page where you can fill in a brief form to gain download access to Cybersecurity for Dummies.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Next Suits and Spooks event to be held in London England on May 06 and 07 2015


Suits and Spooks Events are a bit like TED Talks, but focused on Cyber Security issues. From the Suites and Spooks webpage: “Each event draws thought leaders and decision makers from the public, private, defense, law enforcement and intelligence sectors who come to learn about and discuss some of the key security challenges which face our digitally connected nation and world

One unique aspect of the presentations made at Suits and Spooks is that after the first 10 minutes, the Audience can join in by asking questions or directly challenging the presenter. Audience participation resulting in Debate and Discussion is the cornerstone of these events.


The next Suits and Spooks Event will be held in London England on May 6th and 7th 2015.


Click on this line to view their prior events which were held in 2014 and to check out the agenda of presentations made.


Click on this line to visit the Registration page for the upcoming 2015 London Suites and Spooks Event.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial for Uniquely Toronto
http://www.uniquelytoronto.com

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice. Any offers mentioned in this post are also subject to change without notice.

Just wanted to say Hello to our visitors from the American NSA agency , Canadian CSIS agency, Russian SVR agency and German BND agency. Sorry if I left out one or two others…


Thanks for dropping by and checking out this past weekend’s Cybersecurity related posts….

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

Kaspersky Lab publishes details about the Equation Hacker group’s arsenal, including “nls_933w.dll” which can reprogram the hard drive firmware of over a dozen different hard drive brands


Kaspersky Lab presented at their Security Analysts Summit something even more scary than the details about the Carbanak Bank Cyber Heist. Per Karspersky the Carbanak group ripped off about 100 banks around the globe of about $1 Billion Dollars (and in my opinion very likely still counting).

Kaspersky Lab Experts referred to the Equation group as the “God” or the “Death Star” of Malware. Part of the huge arsenal of code which the Equation group has been developing over what looks like decades is nls_933w.dll“. “It allows them to reprogram the hard drive firmware of over a dozen different hard drive brands“.

Oncenls_933w.dll installs the Malware into the Hard Disk’s firmware, there is no way to remove it. Repartitioning will not affect it. Reformatting has no effect. The only way to get rid of this Malware from the targeted computer, is to physically destroy the Hard Disk.

Kaspersky Lab goes on to report that the Equation group seems to have existed long before the Stuxnet group.

The word “Elite” is part of the lexicon of Hackers. The Equation group therefore can be called the Elite of the Elite of the Elite of the Elite of the Elite and so on of Uber Hackers. To be able to hack and modify a Hard Drive’s firmware is unheard of. To be able to do so for Hard Drives of over a dozen different brands is insanely impossible. Yet the Equation group did it and very likely much more, that has yet to come to light. In comparison, this makes things like the REGIN Malware group’s incredible capabilities seem like no big deal.

Ok, enough of my rambling.

Click on this line to view the Kaspersky Lab report about the Equation group and their arsenal of jaw dropping Malware. On that page you will find a link to a downloadable PDF of the Question and Answer session from their presentation at the Security Analysts Summit.

Wow, this has turned into a CyberSecurity long weekend. Very impressive and rather scary stuff has been revealed by Kaspersky Lab.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Kaspersky Lab report: The Great Bank Robbery: Carbanak cybergang steals $1 Billion Dollars from 100 financial institutions worldwide

Video is courtesy of the Kaspersky Lab YouTube channel


The Kasperskpy Lab report which was presented at the Security Analyst Summit (on Feb 16 2015) is now available online.


Click on this line to visit the Kaspersky Lab SecureList page which discusses the report : The Great Bank Robbery: Carbanak cybergang steals $1bn from 100 financial institutions worldwide.
You can also download a PDF of the “Full” Report via a link on that webpage.

Click on this link to view other CyberSecurity related posts found on Uniquely Toronto.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

Hackers supposedly were able to steal up to $1 Billion Dollars from Banks around the globe


This is a further update to our prior post about the breaking news of a major Cyber Bank Heist.

The amount supposedly stolen from assorted banks around the globe is now being published to be around $1 Billion Dollars.

Photo of racks filled with Cisco Networking gear. Photo Credit Vincent Banial

Racks filled with Cisco Networking gear. Photo Credit Vincent Banial

Continue reading

Hackers supposedly infiltrated Banks via Malware, allowing them to steal hundred of millions of dollars. Detailed report by cybersecurity firm Kaspersky Lab to be made public on Monday Feb 16

Photo of racks filled with Cisco Networking Gear. Photo Credit Vincent Banial

Photo of racks filled with Cisco Networking Gear. Photo Credit Vincent Banial

Click on this line to read what was posted today (Sat Feb 14)  by the New York Times about Hackers infiltrating Banks around the world by using Malware.

I have had many arguments about security software. One group especially got me going because to them Norton Security was the end all and be all. I finally got their so-called Tech to admit that to him Norton Security was the best because it had the largest market share. That’s like saying that GM automobiles are better than Rolls Royce automobiles because GM has a larger market share.

Of course Norton Security is very good. I believe that the security software created by Kaspersky Lab is better (your mileage may differ). Testing done by the Security Software testing site AV TEST http://av-test.org also top rates Kaspersky Lab security software. But I digress…our coverage of this major Cybersecurity Breach continues below.

The report on what Kasperky Lab had determined about the Cyber Bank Heist will be made public on Monday Feb 16.

Supposedly ATMs were instructed by the Hackers to dispense money at specific times.

Account balances were supposedly inflated and then the inflated amounts were transferred to Bank Accounts setup by the Hackers.

In the New York Times article it seems that Kaspersky Lab had supposedly seen evidence of hundreds of millions of dollars in supposed theft. The article implied that the Cyber Security Experts at Kaspersky Lab think that the sums stolen could possibly be multiple times more.

I will keep watching for the official Kaspersky Lab report on Monday. Till then you can learn more about this by visiting some of the links below.

Click on this line to read a prior report (Sept 11 2014) by Kaspersky Lab Security Experts. The report is titled: “Thefts in remote banking systems: incident investigations”. It details how Hackers were able to overcome one bank’s Security, by using Social Engineering to infect one key computer in that Bank’s Network. Makes for some interesting reading.

The New York Times post which looks to be the main post which  brought this to public light.

CNet’s post about the supposed Cyber Bank Heists.

ARS Techinca coverage of the Cyber Attack on Banks around the globe.

The Citizen post about this Hacker worldwide Bank Heist.

New York Times sub post about how Hackers infiltrated Banks.

 

I will continue to post about this as more is learned – most likely when that Kaspersky Lab report is released on Monday Feb 16 2015.

 

 

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.

WireLurker Malware targeting Apple IOS and OSX products


If you use an Apple IOS or OSX device (phone, tablet, notebook and desktop) you might want to check out my post about WireLurker.

Apple users sometimes are smug about not needing any security software. Yes, Apple products have been highly secure.

As the number of Apple products being purchased keeps growing, Apple products are also becoming targets for those who create Viruses and Malware and other interesting code.

Back in 2012 “Flashback” victimized about 700,000 Macs. WireLurker and future variants of it could have the potential to do the same.

Staying informed can help keep you and your Apple IOS and OSX gear from falling victim to such attacks.

 

Posted by: Vincent Banial

Disclaimer: Any Trademarks mentioned in this post are owned by the respective Trademark owner. There could be unintentional errors or omissions in this post. Always refer to the official sites to confirm details and any ongoing changes or updates. This post is subject to change without notice.