Wednesday 23 January 2013

Hacker Hides Malware Code on Cat's Collar

A memory card strapped to the collar contained information on the iesys.exe malware, also known as the 'remote control virus.' In a recent twist that mirrors the the plot of the movie Men In Black, Japanese police have recovered a memory card on the collar of a stray cat that contains clues left by a particularly notorious hacker who claims to have created the "remote control virus."

"On New Year's Day, a string of riddles sent via email to Japanese media outlets eventually led to the cat, who apparently lived on an island near Tokyo," writes PCMag.com's Max Eddy. "The memory card carried by the cat allegedly contained information about iesys.exe, also known as the 'remote control virus,' which is used to take control of infected computers."

"The development is the latest in a bizarre investigation that has previously seen months of threats made against a number of venues -- including a school and a kindergarten attended by grandchildren of Emperor Akihito -- from computers around the country," AFP reports. "The National Police Agency was embarrassed after it emerged that officers had extracted 'confessions' from four people who had nothing to do with sending the threatening messages."

"It turned out that the suspects' computers had indeed been infected with the 'remote control virus,' which let the operator remotely email and post threats from other people's computers, masking the authentic source of the malicious messages," writes Tech News Daily's Ben Weitzenkorn.

The National Police Agency has offered a bounty of 3 million Yen for information leading to the hacker's arrest. "It's the first time that a bounty has been offered for cybercrime in Japan, and it reflects how frustrated the NPA has been in its investigation," writes Wired's Ian Steadman.

Russian Hacker Sentenced to 3 Years in Prison


Vladimir Zdorovenin, 55, of Moscow, Russia, was recently sentenced in Manhattan federal court to three years in prison and a $1 million fine for fraud, identity theft and hacking. Zdorovenin was deported from Switzerland to the U.S. in January of 2012.

"According to the US Department of Justice, the man and his son, Kirill Zdorovenin, are accused of conspiring to steal the personal details, including credit card information, of several US citizens between 2004 and 2005, while residing in Russia," writes Softpedia's Eduard Kovacs.

"The whereabouts of Kirill Zdorovenin are unknown," The Voice of Russia reports. "According to investigators he was the organizer of the 'business.'"

"Prosecutors alleged that the Zdorovenins and unidentified accomplices controlled U.S.-registered companies Sofeco LLC, Pintado LLC and Tallit LL that appeared to be legitimate Internet merchants which sold legitimate goods," writes Bloomberg's Patricia Hurtado. "The defendants both took unauthorized charges on customers' credit cards, prosecutors said. They also got credit card numbers by either buying them from unidentified people who had obtained them illegally or by using computer programs that were surreptitiously installed on victims' computers, the U.S. alleged."

"From his perch halfway across the globe, Vladimir Zdorovenin engaged in a slew of cyber crimes that left multiple victims in the United States," Manhattan U.S. Attorney Preet Bharara said in a statement. "Cybercrime is particularly insidious because there is no need for geographic proximity between perpetrators and their victims, and Zdorovenin’s sentence today should serve as a reminder to others that law enforcement does not require geographic proximity to prosecute these crimes either."

Australian Spies Want to Be Hackers

The Australian Security Intelligence Organization wants permission to hack into suspected terrorists' computers. According to News Limited, the Australian Security Intelligence Organization (ASIO), Australia's spy agency, is seeking authorization to hack into the computers of suspected terrorists.

"The ASIO Act now bans spies from doing anything that 'adds, deletes or alters data or interferes with, interrupts or obstructs the lawful use of the target computer by other persons,'" writes News Limited's Natasha Bita. "But ASIO wants the ban lifted, so Attorney-General Nicola Roxon can issue a warrant for spies to secretly intercept third-party computers to disrupt their target."

In a statement given to News Limited, a spokesman for the Attorney-General's Department said, "The purpose of this power is to allow ASIO to access the computer of suspected terrorists and other security interests. [It would be used] in extremely limited circumstances and only when explicity approved by the Attorney-General through a warrant. Importantly, the warrant would not authorize ASIO to obtain intelligence material from the third party computer."

"The plans are opposed by civil rights organisations and data protection officials," The H Security reports. "The Electronic Frontiers Australia organization has criticised the government for copying the techniques used by cyber-criminals. The Privacy Commissioner for the State of Victoria has complained that the plan is 'extraordinarily broad' and intrudes deep into the basic rights of the third parties involved. He describes the proposed powers as 'characteristic of a police state.'"

Michael Jackson Hackers Sentenced

Looking to reduce IT costs? Learn how to cut expenses without cutting services, plus tactical approaches to controlling costs and cutting power expenses outside of the data center. Download now.
Michael Jackson Hackers Sentenced

The UK's Serious Organized Crime Agency (SOCA) recently announced that hackers James Marks, 27, and James McCormick, 26, both received six-month suspended sentences and were ordered to do 100 hours of unpaid community service work for breaching Sony Music's servers and stealing Michael Jackson songs, including unreleased tracks.

"The hackers, who met through a fan website forum, also downloaded music by artists including Elvis, Beyonce, JLS, Christina Aguilera and Britney Spears," The Telegraph reports. "In total they downloaded around 7,000 files which were completed tracks or the component parts, as well as artwork and videos, SOCA said. Marks and McCormick were arrested in May 2011 after Sony identified the security breach."

"These men stole thousands of copyrighted files belonging to Sony Music," SOCA's Mick Jameson said in a statement. "Our remit is to protect businesses as well as the public, and we will continue to work closely with law enforcement and industry partners to tackle online criminality."

"The pair claimed they only wanted to gather evidence that some Jackson material released after his death didn't actually feature the singer's voice," writes BBC's Jim Taylor. "Sony Music has always denied that vocals on some tracks on the posthumous album 'Michael' were done by another singer. ... Speaking outside court, James Marks said he was sorry for downloading the files but was still determined to prove Michael Jackson didn't sing on some tracks on 'Michael.'"





Hackers Steal $40,000 from Vancouver Island Church


The hackers appear to have gained access to the church's bank account through an employee's home computer. The Nanaimo Daily News reports that hackers recently stole $40,000 from the online bank account of a church on Vancouver Island. "40,000 dollars was taken from Ladysmith First United Church over the holiday season and it was all done by the click of a computer's mouse," writes CTV Vancouver Island's Scott Cunningham. "[The Royal Canadian Mounted Police] say over a 10 day period in late December, six withdrawals from the church’s online account racked up thousands of dollars in losses. Credit Union staff say the Internet hacker gained access to a church employee’s home computer, found vital passwords and went to work."

"Representatives of the church became suspicious over Christmas, and reported the disappearance of funds Dec. 27," writes The Nanaimo Daily News' Darrell Bellaart. "More money went missing after that, and police are working to trace the online footprint of those responsible."

"Somehow their account at one of the local financial institutions was compromised through the Internet," Cpl. Tim Desaulniers of the Royal Candian Mounted Police told Bellaart. "It's very preliminary right now. It looks like it originated down East." "So far, the crime is considered an isolated incident," Bellaart writes.

University of Western Sydney Hacked

The hackers are protesting the university's new iPad initiative, which they call 'nothing more than a marketing gimmick.' Australia's University of Western Sydney (UWS) has acknowledged that a UWS e-mail list was recently breached.

"The list has been shut down and a full investigation is underway," the university said in a statement. "We would like to assure you that this was limited to the email list and that other than an unfortunate amount of spam, your UWS Account is not under any threat. UWS IT Services apologises for the inconvenience caused and will report back with further information following the investigation."

"However, some students have reported receiving 300 spam emails as a result of the incident," writes Softpedia's Eduard Kovacs. "According to Mahmoud Elkhodr, an associate lecturer at the University of Western Sydney, one of the spam emails criticized the university’s iPad Initiative -- a program started by the institution in an effort to support learning and teaching innovations."

College Student Expelled for Uncovering Security Flaw


Ahmed Al-Khabaz came across a vulnerability that exposed students' Social Insurance Numbers, class schedules, home addresses and phone numbers. The National Post's Ethan Cox reports that Ahmed Al-Khabaz, a 20-year-old computer science student at Montreal's Dawson College, was expelled following his discovery of a security flaw that exposed more than 250,000 Quebec college students' personal information.

"Al-Khabaz ... was working on a mobile app to allow students easier access to their college account when he and a colleague discovered what he describes as 'sloppy coding' in the widely used Omnivox software which would allow 'anyone with a basic knowledge of computers to gain access to the personal information of any student in the system, including social insurance number, home address and phone number, class schedule, basically all the information the college has on a student,'" Cox writes.

"So Al-Khabaz took the issue to the school's Director of Information Services and Technology," writes Gizmodo's Kyle Wagner. "The meeting went well, and he was told that Skytech, that company that makes the software in question, would get right on it. After not hearing back for a few days, Al-Khabaz decided to check to see if the vulnerability had been patched, using a program called Acunetix. That was a mistake."

"Shortly after, he was contacted by the president of Skytech who accused him of launching a cyberattack against the company," writes Softpedia's Eduard Kovacs. "Skytech told the student that he could go to jail, unless he signed a non-disclosure agreement. The student agreed to sign the non-disclosure agreement, but his problems were far from being over."

"While Skytech saw the probe by Al-Khabaz as the mistake of an overeager student, Dawson College administrators decided to take disciplinary action," writes Ars Technica's Sean Gallagher. "After he was interviewed by the dean of Dawson and his Computer Science program coordinator, the details were brought to a meeting of 15 professors in the school's Computer Science department. By a 14-to-1 vote, they moved to expel him."