Information Security News
A former Subway sandwich shop franchisee pled guilty to taking part in a scheme to hack point-of-sale terminals for at least 13 stores and obtaining gift cards worth $40,000.
Shahin Abdollahi, who also ran a business that sold and maintained point-of-sale terminals, sold the computerized checkout registers to the Subway shops that were illegally accessed, according to federal prosecutors in Massachusetts. He set up the terminals with software from LogMeIn, which allows people to remotely log in to PCs over the Internet. Abdollahi and other conspirators then used the software to repeatedly access the Subway terminals without authorization, usually early in the morning, when the restaurants were closed. Once logged in, they loaded gift cards with credit totaling $40,000. Co-conspirator Jeffrey Wilkinson, 37, of Rialto, California, would then advertise the cards for sale on eBay and Craigslist and hand deliver them to buyers.
On Wednesday, Abdollahi, 46, of Lake Elsinore, California, pled guilty in federal court in Massachusetts to one count of conspiracy to commit computer intrusion and wire fraud and one count of wire fraud. He is scheduled to be sentenced on August 6. Wilkinson pled guilty in February and is scheduled to be sentenced on May 28. It's not the first time Subway point-of-sale terminals have been illegally accessed by crooks for purposes of skimming the till. In 2012, two men pled guilty to participating in an international conspiracy that hacked into credit-card payment terminals at more than 150 Subway franchises and racked up more than $10 million in losses.
by Sean Gallagher
A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered. These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.”
The document, a June 2010 internal newsletter article by the chief of the NSA's Access and Target Development department (S3261), includes photos of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a "load station" designed specifically for the task.
The NSA manager described the process:
Terrorists loyal to al Qaeda and its offshoots are using new encryption software, most likely in response to revelations that the National Security Agency is able to bypass standard cryptographic protections as part of an expansive surveillance program, according to a recently released report from intelligence firm Recorded Future.
The three new major encryption tools were adopted within a three- to five-month period following leaks from former NSA contractor Edward Snowden, according to the report. The apps replace or bolster the original Mujahideen Secrets crypto program that al Qaeda members have mainly used for e-mail since 2007. One of the new releases, known as Tashfeer al-Jawwal, is a mobile program developed by the Global Islamic Media Front and released in September. A second, Asrar al-Ghurabaa, was released by the Islamic State of Iraq and Al-Sham in November, around the same time the group broke away from the main al Qaeda group following a power struggle. The third program is known as Amn al-Mujahid and was released in December by the Al-Fajr Technical Committee.
The influx of new programs for al Qaeda members came amid revelations that the NSA was able to decode vast amounts of encrypted data traveling over the Internet. Among other things, according to documents Snowden provided, government-sponsored spies exploited backdoors or crippling weaknesses that had been surreptitiously and intentionally built into widely used standards.
We all know that the ssh honeypot "kippo" is a great tool. But it is awfully easy for an attacker to figure out that they are connected to a kippo honeypot. The latest trick I see people use is to run the "file" command, which is not implemented in kippo. For example:
# file /sbin/init
bash: file: command not found
While on a real system, I would get
# file /sbin/init
/sbin/init: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x7aa29ded613e503fb09fb75d94026f3256f01e7a, stripped
This is a bit of a tricky one to "fix" in that it requires more than just a static response, as the attacker may try different files to test. So it would require something like a full database of possible files to try. Or (risky...) an implementation that would use actual output from the system kippo is running on.
Maybe I will have a patch for kippo later today to implement either solution.
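The first of the two approaches above, a canned table of file(1) answers plus consistent fallbacks for everything else, as an added example. This is not kippo's own code or the patch mentioned in the post; it assumes a honeypot that hands the argument list of a typed command to a Python callable and prints the lines it returns. FILE_DB, FAKE_FS and EXT_GUESS are constructed sample data, not output captured from any real host, and the error and usage strings mimic the file(1) of that era.

```python
"""Emulate file(1) for an SSH honeypot such as kippo from a static table.

Added example, not kippo's own code. Assumes the honeypot dispatches a typed
command's argument list to emulate_file() and prints the returned lines.
All tables below are constructed sample data.
"""
import posixpath

# Constructed: canned file(1) descriptions for paths attackers commonly probe.
# Populate such a table from a reference host offline ("file /sbin/init" etc.),
# never by passing live requests through to the host the honeypot runs on.
FILE_DB = {
    "/sbin/init": ("ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), "
                   "dynamically linked (uses shared libs), for GNU/Linux 2.6.24, stripped"),
    "/bin/bash": ("ELF 64-bit LSB executable, x86-64, version 1 (SYSV), "
                  "dynamically linked (uses shared libs), for GNU/Linux 2.6.24, stripped"),
    "/etc/passwd": "ASCII text",
    "/etc/shadow": "ASCII text",
    "/etc/init.d/ssh": "POSIX shell script, ASCII text executable",
}

# Constructed: the honeypot's fake filesystem ("dir", "file" or "empty") for
# paths that exist but have no canned entry, so answers stay consistent when
# the attacker tries something outside FILE_DB.
FAKE_FS = {
    "/": "dir", "/etc": "dir", "/bin": "dir", "/sbin": "dir", "/tmp": "dir",
    "/root": "dir", "/etc/hostname": "file", "/etc/motd": "empty",
    "/root/.bash_history": "file", "/tmp/run.sh": "file",
}

# Extension-based guess for files present in FAKE_FS but absent from FILE_DB.
EXT_GUESS = {
    ".sh": "Bourne-Again shell script, ASCII text executable",
    ".gz": "gzip compressed data, from Unix",
    ".tar": "POSIX tar archive (GNU)",
    ".py": "Python script, ASCII text executable",
}

USAGE = "Usage: file [OPTION...] [FILE...]"
NOT_FOUND = "cannot open `{0}' (No such file or directory)"


def describe(path, db=FILE_DB, fs=FAKE_FS):
    """Description file(1) would print for one normalised, existing path."""
    if path in db:
        return db[path]
    kind = fs.get(path)
    if kind == "dir":
        return "directory"
    if kind == "empty":
        return "empty"
    _, ext = posixpath.splitext(path)
    return EXT_GUESS.get(ext, "ASCII text")


def emulate_file(args, cwd="/", db=FILE_DB, fs=FAKE_FS):
    """Emulate `file [-b] FILE...` and return its output lines.

    Only -b (brief: omit the "path: " prefix) is honoured; other options are
    swallowed silently so a stray flag does not expose the emulation.
    """
    brief = False
    paths = []
    for arg in args:
        if arg == "-b":
            brief = True
        elif arg.startswith("-") and len(arg) > 1:
            continue  # other options ignored in this example
        else:
            paths.append(arg)
    if not paths:
        return [USAGE]

    lines = []
    for typed in paths:
        # Resolve relative paths and ".." against the session's cwd, but echo
        # the path exactly as typed, which is what the real tool does.
        full = posixpath.normpath(posixpath.join(cwd, typed))
        if full in db or full in fs:
            desc = describe(full, db, fs)
        else:
            desc = NOT_FOUND.format(typed)
        lines.append(desc if brief else "%s: %s" % (typed, desc))
    return lines


if __name__ == "__main__":
    for probe in (["/sbin/init"], ["-b", "/bin/bash"], ["/etc", "/nope"], ["../sbin/init"]):
        print("\n".join(emulate_file(probe, cwd="/etc")))
```

The table only has to be as deep as the attacker's curiosity: log every path fed to `file` that falls through to the FAKE_FS or NOT_FOUND branches and add real answers for the popular ones. That keeps the honeypot's "filesystem" self-consistent, which is the property the bare `command not found` response gives away.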
Posted by InfoSec News on May 14: http://www.techweekeurope.co.uk/news/microsoft-word-vulnerability-used-target-taiwanese-government-145370
Posted by InfoSec News on May 14: http://thesmokinggun.com/documents/eekdacat-and-the-fbi-576432
Posted by InfoSec News on May 14: http://www.infoworld.com/t/cyber-crime/want-perfect-security-then-threat-data-must-be-shared-242383
Posted by InfoSec News on May 14: http://www.thejakartaglobe.com/news/cybercrime-threat-growing-concern-police/
Posted by InfoSec News on May 14: http://www.fool.com/investing/general/2014/05/13/tjx-succeeds-where-target-struggles.aspx