FBI takes out malware operation that illicitly made 14 million dollars

• The malware was said to have infected as many as 4 million computers in 100 countries
• Atleast 500,000 infected machines in the USA alone
• Operation Ghost Click resulted in indictments against six Estonian and one Russian national. The Estonians were taken in to custody by local authorities and the US is seeking to extradite them.
• The malware, called DNSChanger, changed the users DNS servers, to use rogue servers run by the botnet operators, and allowed the attackers to basically perform man-in-the-middle attacks against any site they wished.
• The attackers redirected all traffic related to Apple and iTunes to a site that sold fake apple software and pirated music.
• The attackers also stole traffic from legitimate advertising networks and replaced it with their own network, charging advertisers for their ill gotten traffic.
• The malware also blocked windows update and most known virus scanners and help sites.

Pastebin of XBox Live IDs and passwords published

• The pastebin contained 90 game tags, passwords and possibly email addresses
• Microsoft says that they do not believe their network was compromised, and that this list is the result of a small scale phishing attack
• The size of the credential dump seems to support that conclusion
• Regardless, it is recommended that you change your XBox Live password, and the password on any other service that shared the same password, especially the email address used for your XBox Live.

Researchers Uncover ‘Massive Security Flaws’ In Amazon Cloud

• The vulnerability (since fixed) allowed an attacker to completely take over administrative rights on another AWS account, including starting new EC2 and S3 instances, and deleting instances and storage
• An attacker could have run up a huge bill very quickly, and it would appear legitimate.
• Using EC2 to crack passwords becomes even more effective when someone else is paying for your instances
• The vulnerability was exploited using an XML signature wrapping attack, allowing them to modify the signed message while still having it verify as unmodified.
• Amazon said “customers fully implementing the AWS security best practices were not susceptible to these vulnerabilities”
• Previous Article about Amazon AWS Security
• The previous article mostly covers vulnerabilities created by users of AWS, including people publicly publishing AMIs with their SSH keys still in them.

Prison SCADA systems vulnerable to compromise

• Researchers have been able to compromised the SCADA systems and open/close cell doors, overload door mechanisms so they cannot be open/closed, and disable the internal communications systems.
• The researches worked in one of their basements, spent less than $2,500 and had no previous experience in dealing with these technologies.
• Washington Times Article confirms that the research was delivered to state and prison authorities, and that Homeland Security has verified the research
• Researchers were called in after an incident where all of the cell doors on death row at once prison opened spontaneously
• While the SCADA systems are not supposed to be connected to the Internet, it was found that many of them were.
• Some were used by prison staff to browse the Internet, leaving them open to malware and other such attacks.
• While others had been connected to the Internet so they could be remotely managed by consultants and software vendors
• Even without the Internet, researchers found that the system could be compromised by an infected USB drive, connected to the
  SCADA system either via social engineering or bribery of prison employees.

Feedback:

Simon asks about destroying your data before recycling/selling your used hard drives

• There are a number of tools that will overwrite the contents of your hard drive a number of times in various patterns. The goal here is to ensure that any data that was on the drive can not be recovered. There is never a guarantee that the data will not be recoverable.
• Allan Recommends: DBAN – Darik’s Boot And Nuke
• It is still a very good idea to overwrite the data on your disks before you recycle/sell them. The methods are slightly different now, specifically, some methods such as the ‘Gutmann Wipe’ which was designed for a specific type of disk encoding that is no longer users in modern hard drives are no longer effective.
• DBAN supports a number of methods:
• PRNG Stream (recommend) – literally overwrites the entire drive with a stream of data from the Pseudo Random Number Generator. It is recommended that you use 4 passes for medium security, and 8 or more passes for high security.
• DoD 5220.22-M – The US Department of Defence 7 pass standard. The default is DBAN is the DoD Short, which consists of passes 1, 2 and 7 from the full DoD wipe.
• RCMP TSSIT OPS-II – The Canadian governments “Technical Security Standard for Information Technology”: Media Sanitization procedure. (8 passes)
• Quick Erase (Not recommended) – Overwrite the entire drive from 0s, only 1 pass. This is designed for when you are going to reuse the drive internally, and is not considered secure at all
• DBAN also verifies that the data was overwritten properly, by reading back the data from the drive and verifying that the correct pattern is found.
• I am not certain about the answer to your question concerning SD cards and other flash storage not in the form of a hard disk. A file erasure utility may be the only option if the device does not actually accept ATA/SCSI commands (careful, some USB devices pretend to accept the commands but just ignore ones they do not understand)
• Simon’s method of using the shred utility (designed to overwrite an individual file) on the block device, is not recommended. a proper utility like DBAN uses ATA/SCSI commands to tell the disk to securely erase it self, which involves disabling write caching, and erasing unaddressable storage such as those that have been relocated due to bad sectors.
• Special consideration should be given to SSDs, as they usually contain more storage than advertised, and as the flash media wears out, it is replaced from this additional storage. You want to be sure your overwrite utility overwrites the no-longer-used sectors as they will still contain your data. This is why a utility that uses the proper ATA/SCSI commands is so important.
• A utility like DBAN is also required if the disk contained business or customer data. Under legislation such as PIPEDA (Personal Information Protection and Electronic Documents Act, Canada), HIPAA and Sorbanes-Oxley (USA), the information must be properly destroyed.

Round UP:

• MIT server used to scan and attack 100,000 other sites
• Brazilian ISPs Hit with Large-Scale DNS Attack
• Stop Online Piracy Act Supports Blacklisting, Says EFF
• China scorns U.S. cyber espionage charges

ZFS Server Build Progress:

• Finalized Parts List
• Parts Summary:
• Supermicro CSE–829TQ-R920UB Chassis
  • 8 hot swapable SAS bays
  • dual redundant 920 watt high-efficiency PSUs
• Supermicro X8DTU–6F+ motherboard
  • Dual Socket LGA 1366
  • 18x 240pin DDR3 1333 slots (max 288GB ram)
  • Intel 5520 Tylersburg Chipset, ICH10R
  • LSI 6Gb/s SAS Hardware RAID controller
  • Intel ICH10R SATA 3Gb/s SATA Controller
  • IPMI 2.0 with Virtual Media and KVM over LAN
  • Dual Intel 82576 Gigabit Ethernet Controller
• Dual Intel Xeon E5620 Processors (4×2.4Ghz, HT, 12MB Cache, 80W)
• 48GB DDR3 1333mhz ECC Registered RAM
• 2x Seagate Barracuda XT 2TB SATA 6Gb/s 7200rpm Drives (for OS)
• 9x Seagate Consellsation ES 2TB SAS 6Gb/s 7200rpm Drives (8x for RAID Z2, 1x cold spare)
• Adaptec RAID 6805 Controller (8 Internal drives, supports up to 256 drives, 512mb DDR2 667 cache)
• Adaptec AFM 600 Flash Module (Alternative to BBU, provides 4GB NAND flash power by super capacitor to provide zero maintenance battery backup)

The post How Malware Makes Money | TechSNAP 31 first appeared on Jupiter Broadcasting.