Media Moguls body discovered

http://media.smh.com.au/technology/tech-talk/murdochs-the--sun-hacked-2501674.html

Hackers who broke into the News Corporation network and forced its British websites offline claim to have stolen sensitive data from the company including emails and usernames/passwords.
All of News Corporation's British websites were taken offline today following an attack on the website of tabloid The Sun, which earlier today was redirecting to a fake story about Rupert Murdoch's death.
Further pain is expected for the media mogul as the hacker group responsible for the attack claims to have also stolen emails and passwords for News International executives and journalists. It said it would release more information tomorrow.

Hacked ... LulzSec put a fake story on The Sun's website saying Rupert Murdoch was dead. Photo: Screengrab

Websites for The Sun, The Times, BSkyB and News International were all inaccessible this morning.
It is believed News took the decision to pull the plug on its entire British network of sites following the hack attack on The Sun. This may have been to prevent further damage and stop unauthorised users from accessing private emails with the hacked login details.
The infamous hacking group LulzSec have claimed responsibility for taking over The Sun's website, linking to a site with the fake story under the headline "Media moguls body discovered", with "Lulz" printed at the bottom of the page.

Taken over ... The Sun website was redirecting to the LulzSec Twitter page.

The site displaying the fake story then crashed because of heavy traffic, before The Sun's website redirected to LulzSec's Twitter page.
"TheSun.co.uk now redirects to our twitter feed. Hello, everyone that wanted to visit The Sun! How is your day? Good? Good!," the hackers wrote.
The fake Murdoch death story claimed the mogul "ingested a large quantity of palladium before stumbling into his famous topiary garden late last night".
In a tweet, LulzSec member Sabu suggested the group had also stolen News International journalists' emails or email login details. "Sun/News of the world OWNED. We're sitting on their emails. Press release tomorrow," Sabu wrote.
Sabu and other LulzSec members then began tweeting what they claimed were the usernames and passwords of top News International executives.
About 9am AEST, network administrators at The Sun appeared to have cottoned on to the hack and the entire Sun website was pulled down. Visitors were greeted with an error message.
LulzSec showed no fear of repercussions on its Twitter feed. "Arrest us. We dare you. We are the unstoppable hacking generation and you are a wasted old sack of sh--, Murdoch," read one post.
LulzSec, which had announced it was disbanding last month following the arrest of alleged members, is a global loose-knit hacker group in the same vein as Anonymous. It has targeted the US Senate, CIA, military technology contractor Booz Allen Hamilton and other government and corporate targets, purportedly for fun.
Lulz is a variation of the internet slang lol, which means laugh out loud. LulzSec members claim they do it "for the lulz", or laughs.
The group appears to have reformed just to target News International in Britain.
"Thank you for the love tonight. I know we quit, but we couldn't sit by with our wine watching this walnut-faced Murdoch clowning around," Lulzsec tweeted.
News International's websites, newsint.co.uk and newsinternational.co.uk, are also down, for unknown reasons.
The hacking of The Sun website comes as the phone hacking scandal continues to engulf News International.
A former News of the World journalist, Sean Hoare, who was one of the whistleblowers on phone hacking, was found dead at his home in Watford, about 40 kilometres from London.
Police said the death was unexplained, but not considered suspicious.
Murdoch, his son James and former News International chief executive Rebekah Brooks are scheduled to appear before members of parliament tonight, Australian time, to be grilled about what they knew about phone hacking.
News Ltd in Australia and News International in Britain are both subsidiaries of Murdoch's global News Corp empire.

 http://www.smh.com.au/technology/technology-news/lulzsec-hack-into-murdochs-british-websites-20110719-1hm6r.html#ixzz1SXpjrV8k

90 Sec News- Apple, RSA, Facebook, spyware, scareware, DDoS - June 2011

http://nakedsecurity.sophos.com/2011/07/11/apple-rsa-facebook-spyware-scareware-ddos-90-sec-news-june-2011/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GrahamCluleysBlog+(Graham+Cluley%27s+blog)&utm_content=Twitter

Identifying the hacktivists of the emerging cyberwar

The hacktivist landscape has become increasingly cluttered, and while the anonymity they cling to makes clearly labeling each player difficult, the rising division between these groups is beginning to give them distinct identities.

The Internet has never been a safe place, and since its inception, and introduction to consumers, privacy and security have been a major concern. Of course, now that the average person’s computer skills are many times over what they used to be, that only amplifies the problem. Couple this with the fact that millions and millions of people are uploading mass amounts of personal and sensitive data and you’ve got a recipe for some serious cyber-insecurity. The advent of hackers with a conscience has exacerbated the situation while also putting a new twist on Web ethics.
Anonymous and LulzSec have become household names, and their Internet antics have captured the attention of just about everyone, including the CIA. But as identities and opponents merge, the cyberwar landscape has become confusing. Consider this an introductory course to the who’s who of hackers.

Anonymous

Anonymous first largely appeared on many radars after making worldwide headlines for its attack on the Church of Scientology in what they called Project Chanology. But more recently the group became a household name shortly after the WikiLeaks Cablegate debacle.
When various websites refused to host WikiLeak’s site, and credit card companies wouldn’t offer a way for people to make donations to the group, the hacktivists took it upon themselves to fight WikiLeak’s enemies. Anonymous used a series of DDoS to take down MasterCard, Visa, PayPal and drew the ire of international law authorities.
So where did Anonymous come from? The group organized via popular forum 4chan and past victims include the Church of Scientology, Internet predator Chris Forcand, and censorship proponents worldwide. Many of its actions have been motivated by the groups’ personal morals, which largely focus on freedom of information. Much of its recent work has centered on the Middle East rebellions, and the group has publicly announced its fight against Iran and Egypt. Other notable targets were HB Gary, Sony PlayStation (although Anonymous claimed innocence for the PSN collapse), and Bank of America.
The group’s various press releases and announcements are typically well written and almost business-like, as have been its denials. It has often had to defend itself against many groups claiming to be hacked by Anonymous. There have been rumors of inner turmoil that has led to different factions with separate agendas and personalities. At the moment, AnonNews is down due to DDoS attacks.

LulzSec

If Anonymous is the student body president of hackers, LulzSec is the class clown. The group hasn’t been on the public scene very long, first gaining notoriety about a month ago when attacked Fox.com in retaliation for calling the rapper Common “vile.” But LulzSec’s first breakthrough performance came when it hacked PBS and posted a fake report that Tupac Shakur was alive. The group claimed that this was in response to negative attention directed toward WikiLeaks and Bradley Manning. LulzSec also claimed responsibility for some of Sony’s hacked web properties. Over the last month, LulzSec has also hit the FBI, Nintendo, and the CIA websites.
Despite some of its very serious and established opponents, LulzSec has time and time again affirmed it’s “in it for the lulz.” The group has also been extremely communicative with the public via its Twitter feed and even a phone request line, where it will take suggestions for hacks. The group has more of a prankster air to it then serious freedom defender, although its beliefs seem to align with Anonymous’. LulzSec has taking to mocking its victims more openly and in a more lighthearted tone than Anonymous has, though, giving it an entirely different reputation than its more serious counterpart.

Anonymous vs. LulzSec?

There were rumors that Anonymous and LulzSec were opponents. After a series of DDoS attacks that slowed down various online games because of malicious traffic, some frustrated 4chan users decided to begin their own DDoS retaliation against LulzSec. The group then used its massively popular Twitter account to attack 4chan, which Anonymous took as a personal affront. By later that day, however, both had denied such a rivalry, and the two have since united for Operation Anti-Security to expose faulty handling of user data.

Web Ninjas vs. Anonymous and LulzSec

It’s a good thing Anonymous and LulzSec teamed up when they did, because Web Ninjas has its eye on them. It’s rumored Web Ninjas is the home of Th3J35t3r, who took down WikiLeaks shortly after it posted its stash of confidential diplomatic cables in fall 2010. Whether or not he’s a part of the coalition, the group insists it’s working for a “safer and peaceful Internet for everyone, not some bunch of kids threatening [the] Web and trying to own it for LULZ or in the name of publicity or financial gain or anti-government agenda.” The group released a large amount of information about the alleged identities of LulzSec hackers, including their whereabouts. LulzSec has denied the seriousness and truth behind these revelations, but an associate of the group was arrested today. LulzSec downplayed the amount of his involvement in the group, saying he is largely inconsequential to their operations. LulzSec also released the information of someone they believe attempted to out them.

Idahc

Residing (purportedly) outside this interwoven ring of hackers is Idahc. The Lebanese hacker is reportedly an 18-year-old computer science student and runs a one-man operation seemingly focused on Sony and Sony alone. He personally has moral issues with Sony, particularly for its treatment of George “GeoHot” Hotz and has said “If you want ethics, go cry to Anonymous. True lulz fans, stay tuned in.” He is thought to be behind many if not all of the hacks to various Sony Web properties. Idahc calls himself a grey hat focused on exposing the insecurity of Sony user accounts.

Despite their claims of independence and purported ethical intentions, the very nature of the groups inspires distrust. And it’s difficult to admit that with the apprehension toward supporting what are legally cyber-criminals, comes some sort of interest mixed with understanding: Whether or not you agree with all of their ploys, combating oppressive regimes and censorship while also exposing the careless liberties large corporations is difficult to oppose. Of course if you’re one of the many who’s had their email and password plastered all over PasteBin recently, you might feel otherwise.

In Case You Missed It:

• LulzSec hacked by TeaMp0isoN
• Anonymous takes down PlayStation website; UPDATE: Anon explains attack on Sony
• LulzSec hacks Sonypictures.com, user data compromised
• Operation Wisconsin: Anonymous targets billionaire Koch brothers

http://www.digitaltrends.com/computing/identifying-the-hacktivists-of-the-emerging-cyberwar/

Layer 7 Application attacks - (DDoS)

Security attacks are moving ‘up the stack.’  90% of security investments are focused on network security, yet according to Gartner, 75% of the attacks are focused at the application layer and ‘over 90 percent of security vulnerabilities exist at the application layer, not the network layer.’  SQL Injection and XSS are #1 and #2 reported vulnerabilities and the top two from the OWASP Top 10.  Plus, from Forrester Consulting, the average loss of revenue per hour for a layer 7 DDoS attack is $220,000.  These vulnerabilities are some of the primary routes that are being exploited in many of the recent attacks.
Modern DoS attacks are distributed, diverse and cross the cavity that divides network components from application infrastructure yet many of these attacks are preventable. The problem is that organizations are using outdated network and/or desktop technology to try and protect against sophisticated application security attacks which traditional solutions like network firewalls, IPS or AV systems have little to no visibility or role. It’s like trying to protect a city against a coordinated air attack by digging trenches in the ground. Wrong band-aid for the attack vector. 

It is interesting that these attacks have been around for a while but also shows how hard it is to get protection right, especially when the attacks are blended.  Once a vector is found to deliver, a variety of exploits can be used in quick succession to find one that will work.  Most of these attacks would also have sailed invisibly through an IPS device – no offense to those solutions – they are just not designed to protect the application layer or didn’t have a signature that matched.  A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer attacks.

http://psilvas.wordpress.com/2011/06/22/cure-your-big-app-attack/

Financial Mogul Linked to DDoS Attacks

Pavel Vrublevsky, the embattled co-founder of ChronoPay — Russia’s largest online payments processor — has reportedly fled the country after the arrest of a suspect who confessed that he was hired by Vrublevsky to launch a debilitating cyber attack against a top ChronoPay competitor.

KrebsOnSecurity has featured many stories on Vrublevsky’s role as co-founder of the infamous rogue online pharmacy Rx-Promotion, and on his efforts to situate ChronoPay as a major processor for purveyors of “scareware,” software that uses misleading computer virus infection alerts to frighten users into paying for worthless security software.  But these activities have largely gone overlooked by Russian law enforcement officials, possibly because the consequences have not impacted Russian citizens.
In the summer of 2010, rumors began flying in the Russian blogosphere that Vrublevsky had hired a hacker to launch a distributed denial of service (DDoS) attack against Assist, the company that was processing payments for Aeroflot, Russia’s largest airline. Aeroflot had opened its contract for processing payments to competitive bidding, and ChronoPay was competing against Assist and several other processors. The attack on Assist occurred just weeks before Aeroflot was to decide which company would win the contract; it so greatly affected Assist’s operations that the company was unable to process payments for extended periods of time. Citing the downtime in processing as a factor in its decision, Aeroflot ultimately awarded the contract to neither ChronoPay nor Assist, but instead to Alfa-Bank, the largest private bank in Russia.
According to documents leaked to several Russian security blogs, investigators with the Russian Federal Security Service (FSB) this month arrested a St. Petersburg man named Igor Artimovich in connection with the attacks. The documents indicate that Artimovich — known in hacker circles by the handle “Engel” — confessed to having used his botnet to attack Assist after receiving instructions and payment from Vrublevsky. The same blogs say Vrublevsky has fled the country. Sources close to the investigation say he is currently in the Maldives. Vrublevsky did not respond to multiple requests for comment.

The allegations against Artimovich and Vrublevsky were supported by evidence collected by Russian computer forensics firm Group-IB, which said it assisted the FSB with the investigation. Group-IB presented detailed information on the malware and control servers used to control more than 10,000 infected PCs, and shared with investigators screen shots of the botnet control panel (pictured at left) allegedly used to coordinate the DDoS attack against Assist. Group-IB said Artimovich’s botnet also was used to attack several rogue pharmacy programs that were competing with Rx-Promotion, including Glavmed and Spamit (these attacks also were observed by security firm SecureWorks in February).
This DDoS saga is the latest chapter in a fascinating drama playing out between the two largest rogue Internet pharmacies: Vrublevsky’s Rx-Promotion and Glavmed (a.k.a. “Spamit”), a huge pharma affiliate program run by Igor Gusev, the man who co-founded ChronoPay with Vrublevsky in 2003.
Gusev has been in exile from his native Moscow since last fall, when Russian authorities named him the world’s biggest spammer and lodged criminal charges against him for operating an illegal business. Spamit was forced to close shortly thereafter, and Gusev blames Vrublevsky for using his political connections to sabotage Spamit. Late last year, Gusev launched redeye-blog.com, a blog dedicated to highlighting alleged wrongdoing by Vrublevsky. In one post, Gusev charged that Artimovich agreed to DDoS Spamit.com because he believed forum members fleeing the program would join his own budding spammer forum: the still-active but largely dormant program Spamplanet.
Both ChronoPay and Glavmed/Spamit suffered hacking attacks last year that exposed internal documents, financial dealings and organizational emails. The data leaked from Glavmed/Spamit includes a list of contact information, earnings and bank account data for hundreds of spammers and hackers who were paid to promote the program’s online pharmacies. Those records suggest that for most of 2007, Artimovich was earning thousands of dollars a month sending spam to promote Spamit pharmacy sites.
The document that the FSB used to lay out the case for criminal proceedings against Artimovich, a.k.a. “Engel,” states that he was paid for the DDoS services with funds deposited into a WebMoney account “Z578908302415″. According to the leaked Spamit affiliate records, that same WebMoney account belonged to a Spamit affiliate who registered with the program using the email address “support@id-search.org.” Web site registration records for id-search.org show that the name of the registrant is hidden behind paid privacy protection services. But historic WHOIS records maintained by DomainTools.com reveal that for a two-month period in 2008 those registration records were exposed; during that brief window, records listed the registrant as Igor Artimovich from Kingisepp, Russia, a town 68 miles west of St. Petersburg.
The emails and documents leaked from the hacking intrusion into ChronoPay last year show that Artimovich and Vrublevsky exchanged numerous emails about payment for unspecified services. Among them is an email receipt from WebMoney showing a transfer of more than $9,000 from an account Vrublevsky controlled to Artimovich’s Z578908302415 purse on July 6, 2010, just days before the DDoS attacks began. The notation listed next to the payment receipt? “Engel.”


http://krebsonsecurity.com/2011/06/financial-mogul-linked-to-ddos-attacks/

World Cup DDoS blackmailer sentenced to jail

A court in Düsseldorf, Germany, has convicted a man who extorted money out of online gambling websites in the run-up to the 2010 Football World Cup in South Africa.

The Frankfurt man, who has not been identified, successfully blackmailed three online betting sites (and attempted to extort money from three others) by threatening them with distributed denial-of-service (DDoS) attacks which could have blasted them off the internet.
According to German media reports, the blackmailer hired a botnet for $65 per day and told the betting firms that he would make their websites unavailable during July 2010 - the month of the World Cup - if they did not pay him 2,500 Euros ($3,700). When three of the sites refused to pay any money, the man reduced the ransom to 1,000 Euros.

http://news.hitb.org/content/world-cup-ddos-blackmailer-sentenced-jail

Network Solutions Fights Off Multiple DDoS Attacks:

Two attacks on consecutive days left Web host and domain name registry Network Solutions' customers unable to access their Web sites and servers.

A distributed denial-of-service (DDoS) attack was carried out against Network Solutions on yesterday afternoon, and again this morning, according to a post on the company's official blog by spokesman Shashi Bellamkonda.
"Our engineers worked quickly to mitigate the attacks and services are in the process of being restored," he wrote. "We continue to monitor this situation, as potential risk still exists for these attacks to recur."
Some customers complained of outages and said they could not reach the sites hosted by Network Solutions, and were having trouble accessing their e-mail and reaching their servers as of Tuesday afternoon. The company's Twitter feed was still saying that employees were working on bringing its network back online.

http://news.hitb.org/content/network-solutions-suffers-two-ddos-attacks