Schools in China Say They Weren’t Behind Hacking

February 21, 2010 by Adrian  
Filed under Hack, Security

Two prominent schools in China dispute allegations that hacking attacks on Google and other firms originated from them, a report said Saturday.

The New York Times reported late Thursday that security investigators traced the hacking to computers at Shanghai Jiaotong University and Lanxiang Vocational School in China.

The official Xinhua News Agency cited an unnamed university spokesperson Saturday as saying the allegation against it is baseless, and an official at the vocational school said its investigation found no evidence the attacks originated there.

Li Zixiang, a Communist party official in the Lanxiang school in the eastern Shandong province, said students there are currently on their winter break. He also disputed the Times report that some evidence linked attacks to one computer science class taught by a Ukrainian. “We have never employed any foreign staff,” Xinhua quoted Li as saying.

Another official at the vocational school disputed the Times’ report that Lanxiang had close ties to the military.

Zhou Hui, director of the school’s general office, told Xinhua that some students had joined the military after school, but it was natural for citizens to do so.

Google revealed Jan. 12 that digital thieves had stolen some of its computer code and tried to break into the accounts of human rights activists opposed to China’s policies. The sophisticated theft also targeted the computers of more than 30 other companies, according to security experts.

Full Story: ABC News

New tool to detect Aurora malware behind Google hack

February 13, 2010 by Adrian  
Filed under Google, Hack, Security

Security vendor HBGary has released a free software tool that can remove “Aurora” malware, linked to corporate espionage at more than 30 companies.

Called the Aurora Inoculation Shot, this utility will remotely scan Windows machines over the network for signs of Aurora and can remove the malicious software as well. It uses the Windows Management Instrumentation services to carry out the inoculation.

Although Aurora has been linked to attacks on just 34 companies, the software has captured the attention of corporate executives, because some believe that it is connected to a widespread industrial espionage campaign originating from China.

Full Story: Tech World

Hacking for Fun and Profit in China’s Underworld

February 4, 2010 by Adrian  
Filed under Hack, Security

With a few quick keystrokes, a computer hacker who goes by the code name Majia calls up a screen displaying his latest victims.

“Here’s a list of the people who’ve been infected with my Trojan horse,” he says, working from a dingy apartment on the outskirts of this city in central China. “They don’t even know what’s happened.”

As he explains it, an online “trapdoor” he created just over a week ago has already lured 2,000 people from China and overseas — people who clicked on something they should not have, inadvertently spreading a virus that allows him to take control of their computers and steal bank account passwords. Majia, a soft-spoken college graduate in his early 20s, is a cyberthief.

Full Story: NY Times

Hackers for Hire

February 4, 2010 by Adrian  
Filed under Hack, Security

They go by names such as Piratecrackers, Yourhackers and Slickhackerz. Although illegal, a handful of internet services brazenly advertise that for a usual hundred-dollar fee they can obtain almost any email password. One site boasts that it provides an ideal way to catch a cheating spouse or significant other.

George Washington University law professor Orrin Kerr, who worked as a prosecutor specializing in computer crime, said that although these services are breaking the law, prosecuting them is “a low priority for law enforcement.” According to Kerr, the crimes are hard to investigate because “not many victims know they have been victimized.”

Internet security consultant Kevin Mitnick said these hackers for hire use “social engineering” rather than technology to hack into a victim’s email account. In other words, they use elaborate trickery to fool people into revealing their passwords. Mitnick should know. He was once the FBI’s most wanted hacker. After serving five years in prison, he turned his life around.

Full Story: Fox News

Why the ‘China virus’ hack at US energy companies is worrisome

January 27, 2010 by Adrian  
Filed under Hack, Security

Since the 9/11 attacks, national security has largely been about protecting the US homeland against radical Islamists. But as dangerous as al-Qaeda and other groups have proven to be, the threat they represent is not as systemic as the ongoing threat of cyber-warfare.

Right now, there is every reason to believe a covert cyber-war is underway and that crucial industrial information has made its way to computers in China.

When Google announced two weeks ago that Chinese hackers had broken into its Gmail system, the target appeared to be information about human-rights activists in China. But hackers operating from Chinese servers are also systematically targeting the IT networks of major US companies to extract valuable competitive intelligence in areas like technology and energy resources.

Full Story: CS Monitor

Hackers Hit Chinese Human Rights Groups Sites

January 26, 2010 by Adrian  
Filed under Hack, Security, Web

Hackers hit five Chinese human rights groups with distributed denial of service attacks over the weekend. Among the targeted sites was Chinese Human Rights Defenders, which was hit by a 16-hour attack, beginning on Saturday, according to the site.

Also targeted over the weekend were the sites Civil Rights and Livelihood Watch, Canyu, New Century News, and the Independent Chinese Pen Center. Two of the targeted sites were also hit with malware attacks.

The DDoS attacks follow the recent attack on Google in China, which caused the Internet giant to rethink its presence in that country.

Full Story: PC Magazine

U.S. Army Website Hacked

January 13, 2010 by Adrian  
Filed under Hack, Security, Web

Romanian hackers continue to have a field day with SQL injection flaws in major Website applications: A vulnerability in a U.S. Army Website that leaves the database wide open to an attacker has now been exposed.

“TinKode,” a Romanian hacker who previously found holes in NASA’s Website, has posted a proof-of-concept on his findings on a SQL injection vulnerability in an Army Website that handles military housing, Army Housing OneStop. TinKode found a hole that leaves the site, which has since been taken offline, vulnerable to a SQL injection attack. “With this vulnerability I can see/extract all things from databases,” he blogged.

TinKode was able to gain access to more than 75 databases on the server, according to his research, including potentially confidential Army data. He also discovered that the housing site was storing weak passwords in plain text. One password was AHOS, like the site’s name.

Full Story: Dark Reading

Google to Stop Censoring Search Results in China After Hack Attack

January 13, 2010 by Adrian  
Filed under Google, Hack, Security

Google has decided to stop censoring search results in China, after discovering that someone based in that country had attempted to hack into the e-mail accounts of human rights activists. The company disclosed the move in a startling announcement posted to its blog late Tuesday.

Google said it was prepared to pull its business out of China, if issues around the surveillance and its decision to stop censoring results could not be resolved with the Chinese government.

Although the company did not accuse the Chinese government of being behind the hack attacks, Google said that the attacks, combined with attempts by China over the last year to “further limit free speech on the web” led it to conclude that it needed to “review the feasibility of our business operations in China.”

The company decided it will no longer censor search results on Google.cn, which it had been doing as a concession to the Chinese government since 2006 in order to be able to operate in China. The company didn’t say when it would stop censoring material but stated that it would be discussing with Chinese authorities how it might continue to operate legally in China, if at all, with an unfiltered search engine.

“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” wrote David Drummond, Google’s chief legal officer and senior vice president for corporate development.

Full Story: Wired

Hackers Further Exploit PDF Vulnerability Ahead Of Patch

January 11, 2010 by Adrian  
Filed under Hack, Security

Non-fans of the PDF file format now have one more reason to harbor negative feelings towards it. Hackers have found another way to exploit a vulnerability on a rather large scale, and it’s supposed to be five more days before Adobe puts a fix in place.

Jessa De La Torre, a threat response engineer at Trend Micro, explained the latest danger in a blog post, writing, “The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system.”

De La Torre then continued, “When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED}-show.org. Once connected, a malicious user may execute any command on the affected system.”

Full Story: Security Pro News

Hackers deface 5th govt Web site, mock automated polls

January 11, 2010 by Adrian  
Filed under Hack, Security

Another government Web site was found defaced Sunday night – the fifth attack since last month.

Hackers of the Technical Education and Skills Development Authority (Tesda) Web site, however, took a bolder approach by leaving a message that seemed to mock the upcoming automated elections.

“Ano ba gagamitin sa Election? Blade server? Juniper Firewall (what is going to be used in the elections? Blade server? Juniper firewall)?” the message read.

HACK YOU. A screen capture of the defaced Tesda Web site as of 11:12 p.m. Sunday.

Before Tesda’s, hackers had also victimized the Web sites of the Department of Health (DOH), Department of Social Welfare and Development (DSWD), National Disaster Coordinating Council (NDCC), and Department of Labor and Employment (DOLE).

Malacañang has expressed alarm over the series of hacking attacks on government Web sites, saying it raises new concerns about the security of the automated elections in May.

Full Story: GMA News
