by

Tor Network used to Host 900 Botnets and hidden Darknet Markets
Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous.

Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges.

These days, Cyber criminals are hosting malware’s Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road that also offered arms and malware to their users against Bitcoin,one of the popular crypto currency.

ChewBacca, a point-of-sale keylogger was found to be used by them and the new Zeus banking malware variant with Tor capabilities, also the researcher has found the first Tor Trojan for Android as well.

With the use of ‘Darknet resources’, such as Tor network, cybercriminals are offered various advantages and the possibility of creating an abuse-free underground forum, market and malware C&C server is attracting more and more cyber criminals, who are increasingly moving towards the technology, according to Kaspersky Lab.
Tor Network used to Host 900 Botnets and hidden Darknet Markets
Hosting C&C servers in Tor makes them harder to identify, blacklist or eliminate," explained Sergey Lozhkin, a senior security researcher at Kaspersky Lab, “Although, creating a Tor communication module within a malware sample means extra work for the malware developers. We expect there will be a rise in new Tor-based malware, as well as Tor support for existing malware,” he added.

Tor network resources, including command-and-control servers, admin panels and other malware-related resources, ‘Carding’ shops are also waving on the Darknet. “Offers are not limited to credit cards – dumps, skimmers and carding equipment are for sale too,” said the researcher.

As you know, by browsing the web using Tor hides the users’ IP address, allows journalist, Internet activist to cyber criminals to maintain anonymity. In addition, this Darknet resource is resulting in financial fraud and money laundering.
Continue reading ...

by

US Prosecutor drops Criminal charges against Barrett Brown
U.S. Prosecutors decided not to pursue crucial criminal charges against journalist and activist Barrett Brown, and dismiss a majority of charges related to sharing a link to a dump of credit card numbers connected to the breach of intelligence firm Stratfor.

Supporters say Brown just copied the hyperlink from an the Internet chat room and then reposted the link on his own internet chat room, Project PM, that linked to stolen documents from the US government contractor, Stratfor Global Intelligence, included 860,000 e-mail addresses for Stratfor subscribers and 60,000 credit card details.

Just hours after Brown's lawyers filed their comprehensive argument, the DOJ has filed a motion to dismiss all 11 charges, on Thursday. 

Apart from computer fraud charges, Brown is also facing prosecution for allegedly threatening an FBI agent and for alleged obstruction of justice.

The Electronic Frontier Foundation (EFF), a non-profit organization defending civil liberties in the digital world, released a statement on the decision: “We are relieved that federal prosecutors have decided to drop these charges against Barrett Brown. In prosecuting Brown, the government sought to criminalize a routine practice of journalism—linking to external sources—which is a textbook violation of free speech protected by the First Amendment.

Brown is a well known figure in hacking and internet freedom circles, having had his writings published in outlets such as Vanity Fair and the Guardian. In September 2012, he was arrested by Law enforcement officers in a dramatic raid of his apartment, while he was having a live online video chat session with a few others.
Until his arrest, he ran a collaborative web publication very well known as Project PM that engaged in issues relating to official leaks and the work of the hacking collective Anonymous.

Kevin Gallagher, the director of the Free Barrett Brown support network, who think that the prosecution’s decision “unexpected and amazing,” said in a statement:

The charges against Barrett Brown for linking were flawed from the beginning. In the face of a rigorous legal challenge mounted by his defense, the government has finally recognized it and signaled that this is a battle they don’t want to fight.

Brown, currently being held in Texas, has spent more than a year behind bars and still faces up to 70 years in prison. Brown has two trials scheduled for April 28 and May 19, respectively, where he will be seen answering 17 charges related to his work on uncovering online surveillance.

Now, this is not the first time when the US government has forced strict laws against the hacktivists, last year, a 26-year-old, Reddit cofounder and the digital Activist, Aaron H. Swartz committed suicide, who was accused of hacking the MIT JSTOR database and charged $4 million in fines and up to 50 years in prison by the Court.
Continue reading ...

by

Satoshi Nakamoto - The Mysterious Bitcoin Creator finally Identified in California
'Satoshi Nakamoto', the mysterious founder and creator of the biggest digital cryptocurrency 'Bitcoin' has reportedly been unmasked as a 64-year-old father of six living in Temple City, Southern California.

Satoshi Nakamoto introduced Bitcoin to the world in 2008, but his identity has remained unknown. Till now, there was speculation that he might be a rebellious young programmer based in Tokyo, who took up the Nakamoto moniker as an alias. But the most astonishing thing about this Japanese-American man is that, his real name is Satoshi Nakamoto, who has been finally identified by Newsweek magazine.

Newsweek journalist, Leah McGrath Goodman also had a face-to-face meeting with Satoshi Nakamoto, and during an interview he said, "I am no longer involved in that [Bitcoin] and I cannot discuss it," he said. "It's been turned over to other people. They are in charge of it now. I no longer have any connection." and even he kept his Bitcoin invention secret from his family.

Satoshi Nakamoto was born in Beppu, Japan in 1949 and immigrated to the United States, 10 years later. He had changed his name in 1973 to Dorian Prentice Satoshi Nakamoto and now signs it as Dorian S NakamotoHe is said to have graduated from California State Polytechnic University with a degree in Physics.

The report describes, he has a career shrouded in secrecy, having done classified work for major corporations and the U.S. Military and Government.

Leah McGrath Goodman claims to have tracked him down after a two-month long investigation and wrote a 3,000 word profile on him. When the reporter goes to meet him and knocked on his door, Satoshi Nakamoto called the cops. She suggested that he might have $400 million (€291 million) worth of Bitcoins.

Arthur Nakamoto, Satoshi's brother told Newsweek, “What you don’t know about him is that he’s worked on classified stuff. His life was a complete blank for a while. You’re not going to be able to get to him. He’ll deny everything. He’ll never admit to starting Bitcoin.” Previously, many people have been identified as possible creators of Bitcoin but all have denied it.

According to his own family members, in the mid 1990s, he lost his job twice, and at one point his house was foreclosed on. So, all these factors could have influenced his desire to create a digital crypto currency that existed outside the influence of governments and banks.

Neither the people in tech community yet sure, nor we -- if the news is for real, but Gavin Andresen - Lead Developer, The Bitcoin Project tweeted, "I'm disappointed Newsweek decided to dox the Nakamoto family, and regret talking to Leah."

If he is the real Bitcoin founder, whose identity is now has been revealed to the public, then soon he may be forced by U.S Government  to give more details about his involvement and secrets of Bitcoin.

Update: 
Bitcoin creator may still be a mystery! Just 5 hours ago, SatoshiSatoshi Nakamoto's online account on the P2P Foundation website posted as a reply, “I am not Dorian Nakamoto,”.
Continue reading ...

by

HTTPS-ssl-hacking
Explosive revelations of massive surveillance programs conducted by government agencies by the former contractor Edward Snowden triggered new debate about the security and privacy of each individual who is connected somehow to the Internet and after the Snowden’s disclosures they think that by adopting encrypted communications, i.e. SSL enabled websites, over the Internet, they’ll be secure.

People do care of their privacy and many have already changed some of their online habits, like by using HTTPS instead of HTTP while they are surfing the Internet. However, HTTPS may be secured to run an online store or the eCommerce Web site, but it fails as a privacy tool.

The US researchers have found a traffic analysis of ten widely used HTTPS-secured Web sites “exposing personal details, including medical conditions, financial and legal affairs and sexual orientation.

The UC Berkeley researchers Brad Miller, A. D. Joseph and J. D. Tygar and Intel Labs' researchers, Ling Huang, together in ‘I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis’ (PDF), showed that HTTPS, which is a protocol to transfer encrypted data over the Web, may also be vulnerable to traffic analysis.

Due to similarities with the Bag-of-Words approach to document classification, the researchers refer their analysis as Bag-of-Gaussians (BoG).
Our attack applies clustering techniques to identify patterns in traffic. We then use a Gaussian distribution to determine similarity to each cluster and map traffic samples into a fixed width representation compatible with a wide range of machine learning techniques,” say the researchers.
They also mentioned that, "all capable adversaries must have at least two abilities." i.e. The attacker must be able to visit the same web pages as the victim, allowing the attacker to identify patterns in encrypted traffic indicative of different web pages and "The adversary must also be able to observe victim traffic, allowing the adversary to match observed traffic with previously learned patterns" they said.

The Test analysis carried out in the study includes health care services, legal services, banking and finance, Netflix and YouTube as well. The traffic analysis attack covered 6,000 individual pages on the ten Web sites and identified individual pages in the same websites with 89% accuracy in associating users with the pages they viewed.

Snowden mentioned previously, "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it" So, the technique allows Government agencies to target HTTPS traffic to mine metadata from ISP Snooping, Employee Monitoring, and which they could use for Surveillance and Censorship purpose.
Continue reading ...

by

Android platform is becoming vulnerable day by day and hackers always try to manipulate android by applying novel techniques. In this regard, Symantec researchers have found a new android malware toolkit named “Dendroid”.

Previously Symantec found an Android Remote admin tool named AndroRAT is believed to be the first malware APK binder. However, Dendroid runs on HTTP with many malicious features.

Dendroid toolkit is able to generate a malicious apk file that offers amazing features like:
  • Can delete call logs
  • Open web pages
  • Dial any number
  • Record calls
  • SMS intercepting
  • Upload images, video
  • Open an application
  • Able to perform DoS attack
  • Can change the command and control server
The author of Dendroid also offers 24/7 customer support for this RAT and Android users can buy this toolkit at $300 by paying Bitcoin, Lifecoin.

Experts at Symantec said that Dendroid has some connection with the previous AndroRAT toolkit. Dendroid being an HTTP RAT offers PHP panel, firmware interface, and an APK binder package. The official seller of Dendroid is identified as “Soccer” and it endow with amazing features that have never been offered before this.
Symantec believes that there is a strong marketplace for such malicious tools. Even on PC platform, many crimeware toolkits like Zeus (Trojan.Zbot) and SpyEye (Trojan.Spyeye) performed high profile crimes. Such toolkits became popular due to ease of use. Symantec is also observing over Dendroid and advice users to install Norton Mobile Security to detect this threat.

According to a well-known report, Android is a dominant player in spreading mobile malware. Due to open source platform, Android is on the target of cyber criminals. Many experts have also predicted that the year of 2014 will be of malware attacks and data theft. It is believed that these attacks will happen on major OS, including Android, iOS, and Blackberry, etc. 

It is sensible to download apps from trusted source (Google Play). If you download application from an unknown source, you may fall victim of a cyber attack.

Article written by Abel Wike , Head of fraud prevention division - ClickSSL.
Continue reading ...

by

Uroburos rootkit - a three-year old Espionage Campaign from Russia
The Continuous Growth of spyware, their existence, and the criminals who produce & spread them are increasing tremendously. It’s difficult to recognize spyware as it is becoming more complex and sophisticated with time, so is spreading most rapidly as an Internet threat.

Recently, The security researchers have unearthed a very complex and sophisticated piece of malware that was designed to steal confidential data and has ability able to capture network traffic.

The Researchers at the German security company G Data Software, refer the malware as Uroburos, named after an ancient symbol depicting a serpent or dragon eating its own tail, and in correspondence with a string (Ur0bUr()sGotyOu#) lurking deep in the malware's code. 

The researchers claimed that the malware may have been active for as long as three years before being discovered and appears to have been created by Russian developers.

Uroburos is a rootkit designed to steal data from secure facilities, has ability to take control of an infected machine, execute arbitrary commands and hide system activities, communicating primarily using peer-to-peer connections in a network it has penetrated to infect new machines within the network, manages to pass back the exfiltrated information back to attackers from infected machines and network data, the researchers explained.

The two main components of Uroburos are - a driver and an encrypted virtual file system, used to disguise its nasty activities and to try to avoid detection. Its driver part is extremely complex and is designed to be very discrete and very difficult to identify.

The malware uses two virtual file systems, one NTFS file system and one FAT file system, and both are stored locally on the infected system and are used as a "workspace" by the attackers, providing a storage space for third-party tools, post-exploitation tools, temporary files and binary output. The virtual file system can’t be decrypted without the presence of drivers, according to the Gdata’s analysis explained in the PDF.

The driver is needed to decrypt the virtual file systems, to create several hooks to hide its activities, to inject libraries in the users land and to establish and manage some communication channels.

The development of a framework like Uroburos is a huge investment. The development team behind this malware obviously comprises highly skilled computer experts, as you can infer from the structure and the advanced design of the rootkit. We believe that the team behind Uroburos has continued working on even more advanced variants, which are still to be discovered.”

WITH LOVE From RUSSIA: Technical Similarities with the previous malware Agent.BTZ and that the malware Uroburos checks the presence of Agent.BTZ in the system and remains inactive if Agent.BTZ is present, makes the researchers believe that it was designed by the same by the Russian intelligence services, according to Data analysis.
“Due to many technical details (file name, encryption keys, behavior and more details mentioned in this report), we assume that the group behind Uroburos is the same group that performed a cyberattack against the United States of America in 2008 with a malware called Agent.BTZ,” say the researchers. They also added that the reason it is meant to be of the Russian origin is, “Uroburos checks for the presence of Agent.BTZ and remains inactive if it is installed. It appears that the authors of Uroburos speak Russian (the language appears in a sample), which corroborates the relation to Agent.BTZ. Furthermore, according to public newspaper articles, this fact, the usage of Russian, also applied for the authors of Agent.BTZ.”
In 2008, USB and Removable storage drives placed on hold in the U.S. Army facilities after the spread of Agent.BTZ worm. The USB stick contained malicious code was trying to keep on multiplying further and infected the military’s network.

The attacks carried out with Uroburos are targeting government institutions, research institutions, intelligence agencies, nation states, research institutions or companies dealing with sensitive information as well as similar high-profile targets. The oldest drivers identified by the researchers was compiled in 2011 is the evidence that the malware was created around three years ago and was undetected.
“The Uroburos rootkit is one of the most advanced rootkits we have ever analyzed in this Environment,” the G Data concluded.
The team behind the development of the malware Uroburos has developed an even more sophisticated framework, which still remains undiscovered, the researchers believe. Many infection vectors are conceivable. E.g. Spear phishing, drive-by-infections, USB sticks, or social engineering attacks.
Continue reading ...