Monthly Archives: November 2015

Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

Anti-ISIS hackers claimed to have detected indicators of an impending attack on Paris as well bitcoin funding, a wallet with over $3 million, used by ISIS militants. During Dateline coverage after the terrorist attacks on Paris, Lestor Holt asked, “Does this change the game in terms of intelligence?” Andrea Mitchell replied, “It does,” before discussing how intelligence missed any type of communication regarding the coordinated attacks. She added, “There’s such good surveillance on cell phones and there’s such good communications ability by the intelligence gathering in Europe, especially in France, especially in Great Britain and in the United States. So they may have been communicating via social media or through codes. And that’s the kind of thing that is very concerning to U.S. intelligence.” After the Charlie Hebdo massacre, France passed an “intrusive” surveillance bill, granting the government the power “to wiretap communications, install secret surveillance cameras and sweep up metadata.” That didn’t stop the horrific attacks on Paris, aka “Paris’ 9/11,” and more ubiquitous and invasive surveillance is not the answer. Matthew Williams, a researcher of computational criminology at Cardiff University in Wales, told Mic that “picking out singular acts of crime or terror from an indiscriminate pile of civilian noise is all but impossible.” Ghost Security Group detected indicators of attack on Paris Even with all the surveillance, intelligence groups again missed indicators of a credible terrorist attack. Yet in an interview with NewsBTC, a member of the hacktivist group “Ghost Security Group” claims it “did detect several indicators of an attack impending and are currently in the process of collecting valuable evidence for United States government officials.” ISIS and bitcoin funding DW (Deutsche Welle) previously reported that the Islamic State is experimenting with currency, specifically gold and bitcoin. One bitcoin wallet received around $23 million in a month; anti-ISIS hackers from GhostSec followed a chain of transactions to another wallet with over $3 million in bitcoins. Ghost Security Group confirmed to NewsBTC that ISIS is “extensively using bitcoin for funding their operations” and that the group has “managed to uncover several bitcoin addresses used by them.” Furthermore, bitcoin is “their prime form of cryptocurrency.” No evidence was given, such as the bitcoin wallet address, as the hackers “cannot go into more detail at the moment on current investigations.” GhostSec Background GhostSec (Ghost Security), a hacktivist group which is an offshoot of Anonymous, has been attacking thousands of ISIS social media accounts and public websites since early this year. The group is not alone; in February, Anonymous and the Redcult Team called ISIS a virus that it planned to cure during Operation ISIS (#OpISIS). A GhostSec spokesperson claimed that ISIS, ironically, has been using Google and Amazon Web Service to avoid U.S. and international intelligence agencies and to shield itself and its websites from being hacked by Ghost Security Group; the latter has been credited with stopping terrorist attacks. DigitaShadow, executive director of the Ghost Security Group, told IBTimes UK, that the group discovered terrorist threats against Tunisia in July, and also uncovered evidence that foiled a terrorist attack in New York on July 4. The hacktivist group has also been credited with discovering and reporting other credible extremist threats. GhostSec keeps a running tally of Twitter IDs reported, server IPs reported to host extremist content, Facebook, Tumblr, YouTube and other common sites as well as “uncommon sites” that have been reported as being dedicated to extremist causes and “could/should be targeted and brought down.” It also has a way to submit potential terrorism-related content and other tools. The hacking group has targeted and bypassed CloudFlare “to determine the actual website that they need to attack to takedown the actual website.” Ghost Security Group Ghost Security reportedly formed earlier this year after the terrorist attacks against Charlie Hebdo offices in Paris. Earlier this month, Ghost Security Group split (pdf) from “Ghost Security.” Ghost Security Group is a counter terrorism network that combats extremism on the digital front lines of today utilizing the internet and social media as a weapon. Our cyber operations consist of collecting actionable threat data, advanced analytics, offensive strategies, surveillance and providing situational awareness through relentless cyber terrain vigilance. The newly formed Ghost Security Group (GSG) said (pdf) it “needed to address some misapprehensions concerning our group. Much of that stemmed from our uses of menacing graphics which resemble logos used by illicit cyber networks. Perceptions matter and all of that was undermining our abilities to cultivate relationships with officials who now recognize our capabilities to add value to counter terrorism initiatives.” The new group has a new website that has a more corporate-like appearance, while Ghost Security uses the older .org website. Ghost Security Group added (pdf): The group’s new trademarked look discards the hoodies and Guy Fawkes masks so often associated with publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites in favor of pristine, white graphics devoid of any reference to illegal activities. Part of the transition has included discarding their old brand and website, www.GhostSec.org , which are now used by former group members who have a different philosophy and approach to combating ISIS online. Ghost Security Group has 12 core members, some of whom work “16 hours a day … and 7 days a week nonstop” to identify surface-level and hidden Deep Web sites that are suspected to be related to the Islamic State; the group receives tips from volunteers and part-time helpers. Foreign Policy reported the group receives 500 tips every day. Data-mining, identity stitching, email monitoring, predictive analysis, social media surveillance, terrorism financing and social engineering are but some of the things listed among GSG’s counter surveillance capabilities. Some members of the small group of terrorist hunters have “ex-military or cybersecurity backgrounds.” GSG said it “monitors over 200 known violent extremist websites for actionable threat data and analysis;” it has “identified and terminated over 100,000 extremist social media accounts that were used primarily for recruitment purposes and transmission of threats against life and property.” It is GSG that claims to have detected indicators of the attack on France. Can you believe that? Michael Smith, co-founder of Kronos Advisory and an advisor to U.S. Congress, forwards about 90% of GhostSec’s leads to the FBI. Even retired Gen. David Petraeus, formerly head of the CIA, told Foreign Policy, “[Smith] has shared with me some of the open source data he has provided to various U.S. agency officials, and I can see how that data would be of considerable value to those engaged in counter-terrorism initiatives.” Regarding ISIS and bitcoin funding, one unnamed GSG hacker said, “Most of the Bitcoin funding sites utilized by the Islamic State are on the deep web and we have managed to uncover several and successfully shut them down in order to limit the funding extremists receive through the use of cryptocurrencies.” The feds claim encryption is a terrorist’s tool, so hopefully the horrible attacks on Paris won’t add fuel to their encryption-is-evil claims. In the same way that all encryption is not bad, bitcoin is not used exclusively by terrorists; hopefully the ISIS-bitcoin-funding issue won’t take a twist and lead to the bashing of cryptocurrencies or a push for more surveillance laws. If you like the idea of cyber vigilantes going after ISIS instead of the government, and if you want to help stop ISIS and other extremist groups, GSG said to report “suspicious activities.” Tips go through a “rigorous review process before a website is cleared for termination.” Every potential “target is reviewed by five members – often including a native Arabic speaker – and ranked by level of threat.” When “asked if their destruction of Islamic State websites sets a bad precedent for freedom of speech online,” GSG’s @DigitaShadow answered: “No. Free speech isn’t murder.” Source: http://www.networkworld.com/article/3005308/security/hacktivists-claim-isis-terrorists-linked-to-paris-attacks-had-bitcoin-funding.html  

Continue Reading:
Hacktivists claim ISIS terrorists linked to Paris attacks had bitcoin funding

Merseyside DDoS daddy given eight months behind bars

When bragging of your illegal exploits, leave off your real name A UK man has been given eight and a half months in prison for launching a series of distributed denial-of-service attacks in 2013.…

More:
Merseyside DDoS daddy given eight months behind bars

Security blogger Graham Cluley’s website suffers DDoS attack

A distributed denial-of-service attack (DDoS) is a cheap but effective way to take out your target’s website by flooding it with so much traffic that the web server becomes overwhelmed and the website crashes. There are those who use DDoS attacks as a kind of online protest, such as hacktivist groups like Anonymous. Then there are those who do it to “amuse” themselves, like the Lizard Squad who took out Playstation and Xbox servers on Christmas Day last year. And then there are other DDoS attacks that come from cybercriminals who don’t care about politics or hijinks – they just want money. Recently a cybergang calling itself the Armada Collective has been attempting to extort money from victims by threatening DDoS attacks unless a ransom is paid in bitcoins. One Swiss company, the encrypted webmail provider ProtonMail, recently paid $6000 in bitcoins after receiving a ransom from the Armada Collective, it said. The site was still DDoSed. And now, the latest site to fall victim to a DDoS attack is that of former Naked Security writer Graham Cluley. We don’t know why Graham was targeted, but on Twitter he noted that he didn’t receive a ransom demand, so it must have been “personal.” Unfortunately, it doesn’t take much skill to launch this kind of attack. Anybody with a little bit of money and the will to wreak havoc can launch DDoS attacks with simple DDoS-for-hire web tools that harness armies of zombified computers to bombard your website with thousands or millions of illegitimate web requests. DDoS attacks are simple but destructive – if your website goes down for any period of time, your customers can’t get through and you end up losing new sales, losing customers, or missing out on ad revenue, depending on what your website’s purpose is. In Graham’s article about how ProtonMail initially caved to the extortion demands, but then had a change of heart, Graham wrote something very sensible about how we should treat extortionists, blackmailers and ransom-takers: No-one should ever pay internet extortionists. For those who receive a ransom demand, it might seem like a few thousand dollars is a fair price to pay when your customers are complaining they can’t access your services, and your business is hurting. But if we pay the extortionists’ demands, that will only give them more reason to do it again. Source: http://www.mysec.hu/magazin/kuelfoeldi-hirek/20413-security-blogger-graham-cluley-s-website-suffers-ddos-attack

Continue reading here:
Security blogger Graham Cluley’s website suffers DDoS attack

Open source Twittor tool can control botnets via Direct Messages

A security researcher has created a tool that allows botnet masters to control their botnet by simply sending out commands via Twitter accounts. “I mostly wanted to create a PoC after Twitter decid…

Visit site:
Open source Twittor tool can control botnets via Direct Messages

Twitter DM character limit liberation spells opportunity for botnets

Direct message command and control hides in the walla walla rhubarb. London security researcher Paul Amar has built a tool capable of exploiting Twitter’s extended direct messaging function for covert botnet command and control.…

See original article:
Twitter DM character limit liberation spells opportunity for botnets

FastMail the latest victim of a sustained DDoS offensive

FastMail has been subjected to a number of distributed denial of service (DDoS) attacks, the premium email provider has revealed. The Australian-based company said that the cyber offensive first took place in the early hours of November 8th, which took some of its services offline. In response it immediately “enabled mitigation strategies”, which proved successful in bringing the DDoS attack to an end. However, the following day, at around the same time, the cybercriminal once again launched another onslaught. This second-round of attacks came with a ransom demand, which threatened FastMail with more chaos if it didn’t hand over 20 Bitcoins (worth approximately £7,500). The company said that it does not respond to attempts of extortion and will not bow to pressure from the cybercriminal. “Over the last week, several email providers, including Runbox, Zoho, Hushmail and ProtonMail have been hit by large scale DDoS attacks, accompanied by an extortion demand from the attacker to stop,” FastMail outlined. “The goal of the attacker is clearly to extort money in the hope that the services will not be prepared to deal with the disruption. “With one exception, where ProtonMail paid the criminals and was still attacked, we do not believe the extortion attempts have been successful, and we fully intend to stand up to such criminal behaviour ourselves.” The company says that it is actively working to keep its services running as best as possible and that it has utilized knowledge gained from past DDoS attacks to help it react to numerous situations. The attack on ProtonMail is one of the most high-profile cases of 2015, which the encrypted email provider has described as the “largest and most extensive cyberattack in Switzerland”. A DDoS attack is when numerous computers make repeated requests for information to one computer or device. This has the effect of ‘overwhelming’ a computer or device’s ability to deal with the requests, resulting in it slowing down or crashing. Source: http://www.welivesecurity.com/2015/11/12/fastmail-latest-victim-sustained-ddos-offensive/

See original article:
FastMail the latest victim of a sustained DDoS offensive

FastMail falls over as web service extortionists widen attacks and up their prices

Concerted assaults on five providers and counting FastMail has become the latest web services company to get taken down by distributed denial of service (DDoS) raiders who are trying to extort Bitcoins in exchange for internet access.…

Visit site:
FastMail falls over as web service extortionists widen attacks and up their prices

ProtonMail comes back online, shores up DDoS defenses

ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week. The free service has said it was hit by two different groups using distributed denial-of-service attacks (DDoS) that took it offline. Now it has partnered with Radware, which offered its DDoS mitigation service for a “reasonable price,” allowing service to resume, ProtonMail wrote in a blog post on Tuesday. “The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future,” the company wrote. The first group of attackers, which call themselves the Armada Collective, asked ProtonMail for a ransom in bitcoin before launching attacks early on Nov. 4. The Swiss Governmental Computer Emergency Response Team warned in September about blackmail attempts by the Armada Collective. They tend to launch a demo attack while demanding 10 or 20 bitcoins, and larger attacks follow if the ransom isn’t paid. Controversially, ProtonMail paid the ransom. The company wrote in a blog post that it was under pressure from other companies to pay it in order to stop the attacks. However, ProtonMail later edited the blog post, writing that paying “was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will never pay another ransom.” The second group’s attack on ProtonMail had wide-ranging effects on its service providers and other companies, which also were knocked offline. The 100Gbps-attack brought down ProtonMail’s ISP, including the ISP’s routers and data center. ProtonMail suspected that the second group might be state-sponsored hackers because of the severe damage inflicted. Bizarrely, the Armada Collective told ProtonMail it wasn’t responsible for the second set of attacks. By Sunday, ProtonMail began recovering. An ISP, IP-Max, set up a direct link from ProtonMail’s data center to a major Internet connection point in Zurich in less than a day, it wrote. Level 3 Communications lent a hand with IP transit. An appeal for donations to put in better protections against DDoS has netted $50,000 so far as well. ProtonMail’s service is free, but eventually it plans to introduce paid-for premium options. ProtonMail is now using Radware’s DefensePipe, a cloud-based service. Other companies, ProtonMail said, offered their services but “attempted to charge us exorbitant amounts.” ProtonMail offers a full, end-to-end encrypted email service and has more than 500,000 users. Although it has been possible to encrypt email for decades, interest has increased since documents leaked by former U.S. National Security Agency contractor Edward Snowden showed massive data-collection operations by western spy agencies. Source: http://www.pcworld.com/article/3004157/protonmail-comes-back-online-shores-up-ddos-defenses.html

See original article:
ProtonMail comes back online, shores up DDoS defenses

ProtonMail ‘mitigates’ DDoS attacks, says security not breached

Launch of ProtonMail 3.0 now knocked back ProtonMail has announced that it has successfully mitigated the DDoS attacks which had hobbled it since last week, while also confirming security systems had not been breached.…

More:
ProtonMail ‘mitigates’ DDoS attacks, says security not breached

ProtonMail restores services after epic DDoS attacks

After several days of intense work, Switzerland-based end-to-end encrypted e-mail provider ProtonMail has largely mitigated the DDoS attacks that made it unavailable for hours on end in the last week.

Continued here:
ProtonMail restores services after epic DDoS attacks