How do you take some of the world’s largest online brands offline in a matter of minutes? If yesterday’s events are any guide, you do it by finding a gullible employee at vulnerable, downstream partner that those companies didn’t even know they had. That’s the lesson that appears to be emerging in the aftermath of yesterday’s chaotic tug of war between hackers who claim affiliation with The Syrian Electronic Army and some of the world’s leading online brands, including The New York Times, Twitter and Huffingtonpost.com. The attacks on Tuesday saw traffic to sites owned by those firms directed to web servers controlled by the attackers which displayed messages in support of the regime of embattled President Bashar al-Assad. According to a story in The New York Times, the attackers were able to compromise systems operated by Melbourne IT, an Australian domain registrar used by many prominent firms. With access to […]
Tag: hacks
Updated – Hackout: Philips Smart Lightbulbs Go Dark In Remote Attack
Add lightbulbs to the list of everyday technology that is 1) Internet connected and 2) vulnerable to crippling remote attacks.* Writing on Tuesday, security researcher Nitesh Dhanjani disclosed a proof of concept hack against HUE lightbulbs, a brand of wi-fi enabled bulbs manufactured by the firm Philips. The vulnerability discovered by Dhanjani allows a remote attacker to use her mobile device to control HUE. HUE wi-fi enabled bulbs are sold at Apple stores and allow users to control the function and color of the bulbs using iPhone and Android mobile apps. Dhanjani published his findings in a paper, “Hacking Lightbulbs,” which calls the HUE system of bulbs and a wireless bridge “wonderfully innovative,” but also prone to hacking. The most serious flaw discovered would allow a remote attacker to impersonate a white-listed (or “allowed”) mobile device, sending commands to HUE bulbs that could cause them to turn off or manipulate […]
New Mobile Malware Taps Ad Networks To Spread
It was only a couple weeks back that we wrote about new research from the folks at WhiteHat Security that posited a way for mobile ad networks to be gamed and used to distribute malicious code. Now it looks as if the bad guys were one step ahead, as researchers at Palo Alto Networks reveal new type of malicious Android malware that uses mobile ad networks to infect vulnerable devices. Palo Alto described the new, malicious mobile software, dubbed “Dplug,” in a blog post on Monday. The company said the malware authors appear to be leveraging second tier mobile ad networks, mostly in Russia and the former Soviet Republics), to distribute their wares. The Dplug malware takes advantage of the deep integration between mobile applications and mobile advertising networks to gain a foothold on infected devices, then send out messages to premium SMS services to generate money for the fraudsters, according […]
Security Of “Things” Increasingly The Stuff Of Headlines
It looks as if the mainstream media is waking to the security implications of the “Internet of Things,” in the wake of recent demonstrations at the Black Hat and DEFCON conferences that highlight vulnerabilities in everything from home automation systems to automobiles to toilets. Stories in The New York Times and other major news outlets in the last week have highlighted concerns about “the cyber crime of things” as Christopher Mims, writing in The Atlantic, called it. Insecure, Internet connected devices ranging from surveillance cameras to home heating and cooling systems could leave consumers vulnerable to remote attacks and spying. The stories come after hacks to non-traditional computing platforms stole most of the headlines from this year’s Black Hat and DEFCON shows in Las Vegas. A compromise of a Toyota Prius hybrid by researchers Charlie Miller of Twitter and Chris Valasek of IOActive was featured prominently in stories by Forbes and […]
Are Anti-Mule Ops Breaking The Bank Fraud Kill Chain?
Mules are the “last mile” in many online fraud operations: the unwitting dupes, or witting co-conspirators who lend their legitimate bank account (and reputation) to fraudsters who are looking for a way to cash out funds from a compromised account. Mules – often lured with promises of “work-from-home” riches receive fraudulent transactions, then immediately withdraw the funds and wire them to the fraudsters, minus a healthy “commission.” In recent years, there has been ample coverage in the media of cyber crime and fraud and the role of money mules in scams. (I note Brian Krebs excellent reporting on the mule problem on his blog.) And yet, the supply of mules seems to be endless. Or is it? According to researchers at the security firm RSA, bank account cash-out attacks are becoming less common online, and a sharp increase in busts on money mules may be the cause. Writing on […]
