Monday, September 1, 2008

Cyber Crime Update

HACK : Master hacker ran a parallel company


25 Aug 2008


JAIPUR: An IT wizard who had hacked into the high-tech security of Reliance Infocomm could not, however, escape the trap laid by police.

Even the city police had no idea how the case might turn out when officials of Reliance Infocomm filed a complaint earlier this month saying their mobile numbers were being cloned in the city. Investigations have revealed that master hacker Akil alias Akeel Ahmed had hacked into the main software of Reliance Infocomm, called 'Clearify', and had been cloning platinum numbers (numbers that end with a series of particular digits) issued by the company for the past two years. Police officials are also probing the possibility of his having any nexus with the terror network. According to the police, Akil had hacked the company's software to such an extent that he was literally able to run a parallel company.

According to the police, 28-year-old Akil, a resident of a village near Nuh town in Haryana, had completed a B-Tech at an institute in Faridabad. His father works as a cashier with a sugar mill in Palwal. He has big political clout in Haryana, as many of his relatives have held key ministerial posts with the state government. Police said that one of his relatives is a deputy speaker of the Haryana Assembly and another is chairman of the state handloom corporation.

According to the police, the software 'Clearify' is accessible only to authorized internet café administrators and top officials of the company. Having been an internet café administrator three years ago, he knew the software and had created three fake identities to access it. With the help of these fake identities, he was able to hack the company's database and clone the platinum numbers, which come at a price ranging between Rs 1 lakh and 3 lakh.

The police said, "Not only did he have access to the software but he was also able to get himself supreme rights that enabled him complete control over the system. He was able to allot new numbers, cancel existing ones, change user profiles and even write bills of any amount. He believed in upgrading his skills and every time the company introduced a new feature he added it to his access panel."

"Posing as a company representative, he used to approach the internet café administrators and gain control over their servers. From the server he would download all the required information and software provided by the company. He later sold them to mobile users. He also sold a large number of cloned chips in the market, whose numbers and details are expected to be revealed in further investigations. Though the exact size of the damage caused to the company by him is not clear, it is expected to run into millions of rupees," added the police.

According to police, he had been duping the company for the last two years, operating from various locations in Haryana and Delhi before shifting to Jaipur nearly a month ago. He hacked several software systems at a web world in the Vaishali Nagar area here from July 29 to August 6, following which an FIR was lodged with the Vaishali Nagar police station by the company on August 8.


EXPOSED : 8 million victims in the world's biggest cyber heist

The Sunday Herald

23rd August 2008


AN international criminal gang has pulled off one of the most audacious cyber-crimes ever and stolen the identities of an estimated eight million people in a hacking raid that could ultimately net more than £2.8billion in illegal funds.

A Sunday Herald investigation has discovered that late on Thursday night, a previously unknown Indian hacker successfully breached the IT defences of the Best Western Hotel group's online booking system and sold details of how to access it through an underground network operated by the Russian mafia.

It is a move that has been dubbed the greatest cyber-heist in world history. The attack scooped up the personal details of every single customer that has booked into one of Best Western's 1312 continental hotels since 2007.

Amounting to a complete identity-theft kit, the stolen data includes a range of private information including home addresses, telephone numbers, credit card details and place of employment.

"They've pulled off a masterstroke here," said security expert Jacques Erasmus, an ex-hacker who now works for the computer security firm Prevx. "There are plenty of hacked company databases for sale online but the sheer volume and quality of the information that's been stolen in the Best Western raid makes this particularly rare. The Russian gangs who specialise in this kind of work will have been exploiting the information from the moment it became available late on Thursday night. In the wrong hands, there's enough data there to spark a major European crime wave."

Although the security breach was closed on Friday after Best Western was alerted by the Sunday Herald, experts fear that information seized in the raid is already being used to pursue a range of criminal strategies.

These include:

- Armed with the numbers and expiry dates of customers' credit cards, fraudsters are equipped to make multiple high-value purchases in their victims' names before selling on the goods.

- Bundled together with home addresses and other personal details, the stolen data can be used by professional organised criminal gangs which specialise in identity theft to apply for loans, cards and credit agreements in the victims' names.

- Because the compromised information included future bookings, the gang now has the capacity to sift through the data and sell "burglary packs", giving the home addresses of local victims and the dates on which they are expected to be away from their home.

Although the nature of internet crime makes it extremely difficult to track the precise details of the raid, the Sunday Herald understands that a hacker from India - new to the world of cyber-crime - succeeded in bypassing the system's security software and placing a Trojan virus on one of the Best Western Hotel machines used for reservations. The next time a member of staff logged in, her username and password were collected and stored.

"Large corporate companies rely on anti-virus products to protect their infrastructure, but the problem with this approach is that these products only detect around 60% of threats out there. In the right hands, viruses can easily bypass these programs, as was the case here," explained Erasmus.

The stolen login details were then put up for sale and shared on an underground website operated by a notorious branch of the Russian mafia, which specialises in internet crime and offers heavily guarded and untraceable hosting services with no questions asked for criminal activity. Once the information was online, experts estimate that it would take less than an hour to write and run a 'software bot' - a simple computer programme - capable of harvesting every record on Best Western's European reservation system.

With eight million people staying in the hotel group's 86,375 continental rooms every year, gaining access to the system is a major coup for the cyber-criminals responsible. Given that criminals now have access to all bookings from 2007-2008, and based on the FBI-sponsored Internet Crime Complaint Center's reports that the average victim of internet crime loses £356, they are sitting on a potential haul of at least £2.84bn.

After thanking the Sunday Herald for exposing the raid on its systems, Best Western Hotels closed the breach at around 2pm on Friday afternoon. Stressing that staff are fully aware of the potential seriousness of the attack, the company reassured customers that it is now taking appropriate action.

"Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected," said a spokesman.

"We continue to investigate the root cause of the issue, including, but not limited to, the third-party website that has allegedly facilitated this illegal exchange of information."

On the other hand, in an email sent to various media, Best Western refuted the story claiming 8 million customer records were breached. The hotel chain confirms that an intrusion took place but says only 13 records at a single hotel were exposed. Best Western claims to be PCI compliant but does not specify what and which facilities are PCI compliant - whether only the data center is PCI compliant or all hotels and reservation facilities.



BACK-TO-CASH : Card fraud-fearing Brit Tourists Carry Cash
By John Leyden
22nd August 2008


Four in five Brits are worried about possible fraud if they use their cards overseas, with many (60 per cent) choosing to carry cash instead.

Card cloning tops the list of fraud worries (46 per cent) followed by card not present fraud (42 per cent) among a sample of 1,700 Brits quizzed on behalf of marketing and travel assistance services firm CPP earlier this month. The survey follows recent figures from banking association APACS that show fraud abroad accounts for 39 per cent of theft and fraud on UK-issued cards. International fraud losses rose from £117.1m in 2006 to £207.6m in 2007, a big rise that helped push overall losses up to £535.2m.

Between July 2007 and July 2008, 6,984 incidents of plastic cards being stolen abroad were reported to CPP by distressed Brits. More than a quarter of these cases occurred in Spain (28 per cent), followed by France (13 per cent) and the USA (10 per cent). These figures probably reflect the travelling habits of Brits more than inherent risk. It's also worth noting that people carrying large wads of cash abroad put themselves at higher risk of losing a bundle to pickpockets.

CPP reports that people who use their cards abroad (at cash machines or in shops) often fail to double-check their receipts against card statements when they return home.

Kerry D'Souza, card fraud expert at CPP, said: "Awareness about card fraud abroad is growing but consumers are still not taking the basic security steps needed to protect themselves. Given overseas losses from card fraud were a staggering £207.6m in 2007 and criminals are becoming more ingenious, it is vital that the financial sector continues to educate Brits about the risk it presents and the safety measures they can put in place."


RISKY : SSDs are hot, but come with security risks
SSDs are vulnerable to hacks from light sources like an ultraviolet laser
Agam Shah
IDG News Service

August 22, 2008 http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113239&source=NLT_SEC&nlid=38

Solid-state drives are fast becoming popular replacements for hard drives, especially in laptops, but experts caution that SSDs aren't as secure as commonly thought.

SSDs may offer better data security than traditional hard drives, but they do not completely erase data and are vulnerable to physical hacks from light sources like an ultraviolet laser, experts say.

Despite their relatively high cost and concerns about durability, SSDs are gaining popularity, particularly for use in laptops, because they consume less power and access data more quickly. Securing data on SSDs could become a larger issue when the technology becomes more widely used and reaches other portable devices like smart phones, experts said.

Many SSDs use industry-standard NAND flash chips that were designed for cameras and MP3 players, so they have no physical security hooks that prevent them from being removed from enclosures, said Jim Handy, director of Objective Analysis, a semiconductor research and consulting firm. A hacker could easily unsolder NAND chips from an SSD and read the data using a flash chip programmer.

Once the data is read, the files could be reassembled using data recovery software, Handy said. "There's really nothing sophisticated about this process," he said.

Another physical hack involves using an ultraviolet laser to wipe out lock bits -- or encryption locks -- from fuses on chips that secure SSDs, said a chip hacker who prefers to be called Bunnie and runs the blog site bunnie studios. Data arrays from SSDs can be read using standard means after the lock bits are wiped.

"No fancy equipment is required to read the [data] array once it is unlocked," Bunnie said. For example, the data arrays can be read using conventional ROM readers, devices typically meant to burn and verify unsecured ROM devices.

To lessen chances of hackers stealing data, encryption keys could be integrated inside the SSD controller device to handle disk encryption at the hardware level, said Craig Rawlings, marketing director at Kilopass. Kilopass sells products using XPM (extra permanent memory) technology that stores keys in system-on-chip devices.

Encryption keys can be hacked, but experts agreed that encryption is the necessary first step to secure data on SSDs. Many companies, including Safend and Encryptx, have products that encrypt data on storage devices including SSDs.

Encryption adds another barrier so that hackers have to bypass encryption layers, the controller and then reassemble raw data for a successful hack, said Sean Barry, senior data recovery engineer at Kroll Ontrack. This takes time, during which data may become invalid or useless.

Encryption also makes files on SSDs a lot easier to erase. Like hard drives, SSDs create multiple file copies, but encryption software can help erase secured files, said Kyle Wiens, CEO of iFixIt.

"Every time you write data it might write ... to a different part of the disk and then change the directory table around. So it forgets where the data was written before," Wiens said. Users may delete one file, but a replica could remain untouched in another sector.

The wear-leveling feature of SSDs -- based on an algorithm that erases and writes data evenly across all the cells on a memory chip to prevent some from wearing out faster than others -- makes files harder to completely erase, Wiens said.

Some encryption software monitors the wear-leveling process to track file remnants, which can then be deleted using the secure erase command, said Knut Grimsrud, an Intel Fellow. Secure erase is a command for secure file deletion that needs to be supported by the encryption software.

"If all the software does is write over the top of the LBAs, I don't think it'll be as [effective] on an SSD as it may have missed remnants from the previous wear-leveling or something like that because the software doesn't know about that," Grimsrud said. LBA (logical block addressing) specifies the location of data blocks on storage devices.
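To make Grimsrud's point concrete, here is an added toy model (not code from the article or from any vendor mentioned in it) of a wear-leveled flash translation layer: every write to an LBA lands on a fresh physical page and the old page is left as a stale copy, so a host-side overwrite hides the data from the LBA view but not from a raw chip read, while a drive-level secure erase clears every page. The class, its page counts and the sample data are all constructed for illustration.

```python
# Constructed toy model of an SSD flash translation layer (FTL) with
# wear-leveling, showing why overwriting a logical block address (LBA)
# from the host does not destroy the previous copy on physical flash.

class ToySSD:
    """Minimal wear-leveled FTL: each LBA write goes to a fresh erased page."""

    def __init__(self, pages):
        self.flash = [None] * pages   # physical pages (None = erased)
        self.l2p = {}                 # LBA -> physical page currently mapped
        self.next_free = 0            # simplistic allocator, no garbage collection

    def write(self, lba, data):
        # Wear-leveling: never rewrite in place. Take the next erased page,
        # remap the LBA to it and leave the old page holding a stale copy.
        if self.next_free >= len(self.flash):
            raise RuntimeError("out of erased pages in this toy model")
        page = self.next_free
        self.flash[page] = data
        self.l2p[lba] = page
        self.next_free += 1

    def read(self, lba):
        # The host's view: only the currently mapped page is visible.
        return self.flash[self.l2p[lba]] if lba in self.l2p else None

    def raw_dump(self):
        # What a chip programmer sees after reading the NAND directly:
        # every non-erased page, mapped or stale.
        return [p for p in self.flash if p is not None]

    def secure_erase(self):
        # Drive-level erase: all pages are cleared, not just mapped LBAs.
        self.flash = [None] * len(self.flash)
        self.l2p.clear()
        self.next_free = 0


def overwrite_leaves_remnants():
    """Zero an LBA from the host, then check the LBA view and the raw flash."""
    ssd = ToySSD(pages=8)
    ssd.write(0, b"SECRET")
    ssd.write(0, b"\x00" * 6)   # host-side "wipe" of the same LBA
    return ssd.read(0), b"SECRET" in ssd.raw_dump()


def secure_erase_clears_remnants():
    """Same scenario followed by a drive-level secure erase."""
    ssd = ToySSD(pages=8)
    ssd.write(0, b"SECRET")
    ssd.write(0, b"\x00" * 6)
    ssd.secure_erase()
    return b"SECRET" in ssd.raw_dump()
```

The first function returns zeros for the LBA read yet still finds the secret in the raw dump, which is exactly the remnant an LBA-overwriting tool misses; only the second, after secure erase, comes back clean.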

Overall, it's easier to delete data from SSDs than from hard drives, which can be good or bad. Data is stored as electrons in SSDs, and getting rid of the electrons flushes out the data, Kroll Ontrack's Barry said. In hard drives, the data has to be overwritten or physically damaged to prevent it from being read.

The data flush could have its own advantage in terms of quickness, but in the wrong hands data on SSDs could be carelessly and easily lost, Barry said.


New IT Term of the day

rogue peer

A rogue peer is an end-user computer—usually a laptop—that has both bridging and wireless enabled. Since the basic functions of an access point are bridging and wireless access, any laptop that has these capabilities presents a similar vulnerability or worse. The vulnerability with a rogue peer can be much more severe than with a rogue AP, because laptops provide almost no security features to prevent connections from other unauthorized users.

A rogue peer is one of two categories of rogue wireless devices, with the other being rogue access points.


Quote of the day

Luck marches with those who give their very best.
