Information Security News
Over a year after the arrest of eight of its members in Russia, the alleged leader of the original Carberp botnet ring that stole millions from bank accounts worldwide has been arrested, along with about 20 other members of the ring who served as its malware development team. The arrests, reported by the news site Kommersant Ukraine, were a collaboration between Russian and Ukrainian security forces. The alleged ringleader, an unnamed 28-year-old Russian citizen, and the others were living throughout Ukraine.
Initially launched in 2010, Carberp primarily targeted the customers of Russian and Ukrainian banks and was novel in the way it doctored Java code used in banking apps to commit its fraud. Spread by the ring through malware planted on popular Russian websites, the Carberp trojan was used to distribute targeted malware that modifies the bytecode in BIFIT's iBank 2 e-banking application, a popular online banking tool used by over 800 Russian banks, according to Aleksandr Matrosov, senior malware researcher at ESET. The botnet that spread the malware, which was a variant of the Zeus botnet framework, also was used to launch distributed denial of service attacks.
In February of 2011 the group put its malware on the market, selling it to would-be cybercriminals for $10,000 per kit—but it pulled the kit a few months later.
Posted by InfoSec News on Apr 04 http://www.bloomberg.com/news/2013-04-04/cyberattacks-abound-yet-companies-tell-sec-losses-are-few.html
Posted by InfoSec News on Apr 04 http://www.guardian.co.uk/uk/2013/apr/03/offshore-secrets-offshore-tax-haven
Posted by InfoSec News on Apr 04 http://www.jewishpress.com/news/breaking-news/international-hackers-to-target-israel-on-april-7/2013/04/03/
Posted by InfoSec News on Apr 04 http://thehill.com/blogs/hillicon-valley/technology/291743-house-intel-panel-plans-closed-door-mark-up-of-cybersecurity-bill
Posted by InfoSec News on Apr 04 http://www.nationaljournal.com/tech/this-defense-contractor-is-repeatedly-spear-phishing-68-000-innocent-people-20130403
A Twitter and Flickr account associated with a North Korean news agency has been taken over by hackers claiming to be from the hacktivist collective Anonymous. Instead of pro-North Korea propaganda, the accounts are now criticizing North Korea and its leader Kim Jong-un for building nuclear weapons. The hackers controlling the Twitter account also claimed to have hacked the news agency's website and other North Korean websites, which appear to be offline.
The Twitter and Flickr accounts represent Uriminzokkiri (meaning "Our Nation"), a North Korean news and propaganda site. When Uriminzokkiri established a Twitter account in 2010, the IDG News Service described the news site as "the closest thing North Korea has to an official home page" and "one of the few Web sites believed to be run from the secretive nation."
The Twitter page, with 14,000 followers, switched from posting in Korean to English this morning. The profile picture was changed to an illustration of two dancers wearing Guy Fawkes masks. The hackers of the Flickr account are posting various pro-Anonymous and anti-North Korea pictures. One depicts Kim Jong-un with pig ears and a Mickey Mouse picture on his chest and says he is "threatening world peace with ICBMs and Nuclear weapons."
Plans to populate the Internet with dozens of new top-level domains in the next year could give criminals an easy way to bypass encryption protections safeguarding corporate e-mail servers and company intranets, officials from PayPal and a group of certificate authorities are warning.
The introduction of Internet addresses with suffixes such as ".corp", ".bank", and ".ads" is particularly alarming to these officials because many large and medium-sized businesses use those strings to name machines inside their networks. If the names become available as top-level domains to route traffic over the Internet, private digital certificates that previously worked only over internal networks could potentially be used as a sort of skeleton key that would unlock communications for huge numbers of public addresses.
A secure sockets layer certificate used by employees to access a company intranet designated as ".corp", for instance, might be able to spoof a public credential for the website McDonalds.corp or Ford.corp. Employee laptops that are used at an Internet cafe or other location outside of a corporate network might also be tricked into divulging private information.