Archive

Posts Tagged ‘credit card numbers’

Former Anonymous Spokesperson Indicted

December 9th, 2012 12:18 admin View Comments

Crime

SternisheFan sends this quote from Ars: “On Friday, a federal grand jury in Dallas indicted Barrett Brown, a former self-proclaimed Anonymous spokesperson, for trafficking ‘stolen authentication features,’ as well as ‘access device fraud’ and ‘aggravated identity theft.’ Brown has been detained since he was arrested in September for allegedly threatening a federal agent. 10 counts of the 12-count indictment concern the aggravated identity theft charge (the indictment references 10 people from whom Brown is alleged to have stolen information), but the most interesting charge is probably the first; a single count saying Brown, ‘did knowingly traffic in more than five authentication features knowing that such features were stolen and produced without lawful authority.’ But rather than a physical back-alley hand-off, this alleged trafficking happened online when Barrett transferred a hyperlink, ‘from the Internet Relay Chat (IRC) channel called “#Anonops” to an IRC channel under Brown’s control, called “#ProjectPM.”‘ That hyperlink happened to include over 5,000 credit card numbers, associating Ids, and Card Verification Values (CVVs) from the Stratfor Global Intelligence database.”

Source: Former Anonymous Spokesperson Indicted

Poor SSL Implementations Leave Many Android Apps Vulnerable

October 20th, 2012 10:27 admin View Comments

Android

Trailrunner7 writes “There are thousands of apps in the Google Play mobile market that contain serious mistakes in the way that SSL/TLS is implemented, leaving them vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. Researchers from a pair of German universities conducted a detailed analysis of thousands of Android apps and found that better than 15 percent of those apps had weak or bad SSL implementations. The researchers conducted a detailed study of 13,500 of the more popular free apps on Google Play, the official Android app store, looking at the SSL/TLS implementations in them and trying to determine how complete and effective those implementations are. What they found is that more than 1,000 of the apps have serious problems with their SSL implementations that make them vulnerable to MITM attacks, a common technique used by attackers to intercept wireless data traffic. In its research, the team was able to intercept sensitive user data from these apps, including credit card numbers, bank account information, PayPal credentials and social network credentials.”

Source: Poor SSL Implementations Leave Many Android Apps Vulnerable

Microsoft Makes Skype Easier To Monitor

July 26th, 2012 07:47 admin View Comments

Government

In a follow-up to a story earlier this week, derekmead writes “Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities. As we’ve already seen with Facebook and Twitter, big Internet firms aren’t digging their heels in against government requests, which shouldn’t come as a shock; angering the authorities is bad business. The lesson then is that, while the Internet will always retain a vestige of its Wild West days, as companies get bigger and bigger, they’re either going to play ball with governments or go the way of Kim Dotcom.”

Source: Microsoft Makes Skype Easier To Monitor

Dutch ISP Discovers 140,000 Customers With Default Password

July 5th, 2012 07:44 admin View Comments

Privacy

bs0d3 writes “In Holland, a major ISP (KPN) has found a major security flaw for their customers. It seems that all customers have had the same default password of ‘welkom01′. Up to 140,000 customers had retained their default passwords. Once inside attackers could have found bank account and credit card numbers. KPN has since changed all the passwords of the 140,000 customers with weak passwords. They also do not believe anyone has actually been burglarized since discovering this weak spot in security.”

Source: Dutch ISP Discovers 140,000 Customers With Default Password

Who Are These UGNazi Kiddie Hackers?

June 25th, 2012 06:01 admin View Comments

A group of malicious hackers calling themselves UGNazi claims it took down Twitter late last week for about 40 minutes. Despite reports confirming the attack, Twitter denied that UGNazi was responsible for the outage, calling it a “cascading bug.” Who is UGNazi?

When it comes to tracking the “hacktivist” types, the best way to get an overview of who they are and what they do is to visit their Twitter accounts. For UGNazi, its Twitter activity shows a group of at least four people that are interested in using DDoS attacks to take down prominent websites and to hack into other sites to deface them. 

In and of themselves, DDoS attacks and defacement are simple, and perhaps juvenile, pastimes for young hackers looking to make a name for themselves. But, UGNazi also has an agenda that could be far more harmful to its targets. The group has been linked to a breach at WHMCS, an online billing and client management platform, that exposed about 1.7 GB of company data, including credit card numbers and passwords.

“Hackers claiming to be part of UGNazi have been involved in a number of attacks against websites (defacements, data leaks and DDoS attacks, that kind of thing),” said security expert Graham Cluley of Sophos. “One of the attacks they have been linked to targeted WHMCS, and resulted in the exposure of half a million usernames and passwords.  It’s claimed that they exploited a zero-day vulnerability to break into web-hosting software that uses WHMCS.”

The WHMCS attack was reportedly done through a SQL injection, a technique used by malicious hackers to force their way into databases and extract information. SQL injections have been known to be favorite techniques of both Anonymous and LulzSec. 

According to the UGNazi Twitter account, the group has aligned itself with the infamous anti-security group Anonymous, if at least on a tangential basis. Groups such as LulzSec, Anonymous and UGNazi are not centralized administrations, but rather disparate groups of hackers that have loosely aligned around a common purpose, usually against governments, companies and security agencies that the groups perceive to have committed some type of wrong. 

This particular group appears to consist of four males that go by the handles JoshTheGod, Mr0sama, Cosmo and CyberZeist. The language the group members use in their Twitter accounts is similar to what Anonymous and LulzSec members use – often immature rants and bold claims of dubious truth. The catch phrase for these hacktivist groups when they perform a successful DDoS attack is “Tango Down,” which UGNazi used when it claimed it had taken down Twitter last week.

It was reported that the so-called leader of UGNazi – Cosmo – was arrested by the FBI at the end of May in relation to the WHMCS attack.

UGNazi has a published a list of companies and websites it wishes to attack, for a variety of reasons. That list includes Google.com (“for the lulz”), gas station company WaWa, BP.com, WePay.com and 4Chan.com. The group has claimed to deface or hack sites such as Six Flags, Michigan.gov and regional Comcast sites. 

Will UGNazi take off into prominence the way that Anonymous and LulzSec have before it? Perhaps. It will depend on how successful this small group of hackers becomes. As for Twitter’s outage, that is a he-said, she-said type scenario, in which UGNazi takes responsibility but Twitter denies it. 

Cluley, for one, is not sold. 

”Of course, we have to take everything that a group like UgNazi claims on its Twitter feed with a pinch of salt,” Cluley said.

Source: Who Are These UGNazi Kiddie Hackers?

Who Are These UGNazi Kiddie Hackers?

June 25th, 2012 06:01 admin View Comments

A group of malicious hackers calling themselves UGNazi claims it took down Twitter late last week for about 40 minutes. Despite reports confirming the attack, Twitter denied that UGNazi was responsible for the outage, calling it a “cascading bug.” Who is UGNazi?

When it comes to tracking the “hacktivist” types, the best way to get an overview of who they are and what they do is to visit their Twitter accounts. For UGNazi, its Twitter activity shows a group of at least four people that are interested in using DDoS attacks to take down prominent websites and to hack into other sites to deface them. 

In and of themselves, DDoS attacks and defacement are simple, and perhaps juvenile, pastimes for young hackers looking to make a name for themselves. But, UGNazi also has an agenda that could be far more harmful to its targets. The group has been linked to a breach at WHMCS, an online billing and client management platform, that exposed about 1.7 GB of company data, including credit card numbers and passwords.

“Hackers claiming to be part of UGNazi have been involved in a number of attacks against websites (defacements, data leaks and DDoS attacks, that kind of thing),” said security expert Graham Cluley of Sophos. “One of the attacks they have been linked to targeted WHMCS, and resulted in the exposure of half a million usernames and passwords.  It’s claimed that they exploited a zero-day vulnerability to break into web-hosting software that uses WHMCS.”

The WHMCS attack was reportedly done through a SQL injection, a technique used by malicious hackers to force their way into databases and extract information. SQL injections have been known to be favorite techniques of both Anonymous and LulzSec. 

According to the UGNazi Twitter account, the group has aligned itself with the infamous anti-security group Anonymous, if at least on a tangential basis. Groups such as LulzSec, Anonymous and UGNazi are not centralized administrations, but rather disparate groups of hackers that have loosely aligned around a common purpose, usually against governments, companies and security agencies that the groups perceive to have committed some type of wrong. 

This particular group appears to consist of four males that go by the handles JoshTheGod, Mr0sama, Cosmo and CyberZeist. The language the group members use in their Twitter accounts is similar to what Anonymous and LulzSec members use – often immature rants and bold claims of dubious truth. The catch phrase for these hacktivist groups when they perform a successful DDoS attack is “Tango Down,” which UGNazi used when it claimed it had taken down Twitter last week.

It was reported that the so-called leader of UGNazi – Cosmo – was arrested by the FBI at the end of May in relation to the WHMCS attack.

UGNazi has a published a list of companies and websites it wishes to attack, for a variety of reasons. That list includes Google.com (“for the lulz”), gas station company WaWa, BP.com, WePay.com and 4Chan.com. The group has claimed to deface or hack sites such as Six Flags, Michigan.gov and regional Comcast sites. 

Will UGNazi take off into prominence the way that Anonymous and LulzSec have before it? Perhaps. It will depend on how successful this small group of hackers becomes. As for Twitter’s outage, that is a he-said, she-said type scenario, in which UGNazi takes responsibility but Twitter denies it. 

Cluley, for one, is not sold. 

”Of course, we have to take everything that a group like UgNazi claims on its Twitter feed with a pinch of salt,” Cluley said.

Source: Who Are These UGNazi Kiddie Hackers?

U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin

June 13th, 2012 06:50 admin View Comments

Security

tsu doh nimh writes “The Justice Department on Monday announced the arrest of a Dutch man wanted for coordinating the theft of roughly 44,000 credit card numbers. The government hasn’t released many details about the accused, except for his name and hacker handle, ‘Fortezza.’ But data from a variety of sources indicates that Fortezza was a lead administrator of Kurupt.su, a large, recently-shuttered forum dedicated to carding and Internet fraud. Krebsonsecurity.com provides some background on Fortezza, who ‘claimed to be “quitting the scene,” but spoke often about finishing a project with which he seemed obsessed: to hack and plunder all of the other carding forums.’”

Source: U.S. Govt. Appears To Have Nabbed Kurupt.su Carding Kingpin

Up To 1.5 Million Visa, MasterCard Credit Card Numbers Stolen

April 2nd, 2012 04:24 admin View Comments

Security

An anonymous reader writes “Global Payments, the U.S.-based credit card processor company that experienced a security breach affecting Visa and MasterCard, confirmed that the breached portion of its processing system was confined to North America. The company also finally revealed how many credit card numbers were stolen: around 1,500,000.”

Source: Up To 1.5 Million Visa, MasterCard Credit Card Numbers Stolen

Hackers Can Easily Lift Credit Card Info From a Used Xbox

March 30th, 2012 03:52 admin View Comments

Crime

zacharye writes “Using nothing more than a few common tools, hackers can reportedly recover credit card numbers and other personal information from used Xbox 360 consoles even after they have been restored to factory settings. Researchers at Drexel University say they have successfully recovered sensitive personal data from a used Xbox console, and they claim Microsoft is doing a disservice to users by not taking precautions to secure their data. ‘Microsoft does a great job of protecting their proprietary information,’ researcher Ashley Podhradsky said.”

Source: Hackers Can Easily Lift Credit Card Info From a Used Xbox

VISA, MasterCard Warn of ‘Massive’ Breach At Credit Card Processor

March 30th, 2012 03:10 admin View Comments

Crime

concealment writes with news that VISA and MasterCard have been warning banks of an incident at a U.S. card processor that may have compromised as many as 10 million credit card numbers. From the article: “Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area.”

Source: VISA, MasterCard Warn of ‘Massive’ Breach At Credit Card Processor

YOYOYOOYOYOYO