Under The Radar @therealcyberspace - Tumblr Blog

Posts

headlesssamurai

“You’re like me, aren’t you? You hear the call of the command line.”

anothereffigy

clickholeofficial

Scandal, Maybe? Anonymous Just Released The Names Of All The People Who Worked At Kohl’s In 2003

The hacktivist network Anonymous sent shockwaves around the internet this morning with its latest announcement, which in theory, could have wide-ranging implications, but honestly, it’s pretty tough to tell: At 8 a.m. EST, Anonymous released the names of all the people who worked at Kohl’s in 2003.

Well, this is officially bad for the department store chain, probably.

datapot-deactivated20180521

Law enforcement agencies are dealing with malware and ransom demands

Sheriff Todd Brackett’s first inclination last year when he learned part of his department’s computerized records management system had been taken over by ransomware was not to pay.

“We’re policemen,” he said. “We don’t pay ransom.”

But ultimately he — like Allegheny County District Attorney Stephen A. Zappala Jr. — did pay ransom.

Sheriff Brackett learned that the computer backup system for his coastal Maine department had not been working properly. Not paying the $360 ransom —to be paid in the online currency Bitcoin —would result in his losing nearly four months worth of reports. Everything from traffic accidents to felony sex assaults to officers’ supplementals and evidence logs, would be gone.Source

metaconscious

Steganography

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means “concealed writing” from the Greek words steganos (στεγανός) meaning “covered or protected”, and graphei (γραφή) meaning “writing”. The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter.

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties.

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.

Image of a tree with a steganographically hidden image. The hidden image is revealed by removing all but the two least significant bits of each color component and a subsequent normalization. The hidden image is shown below.

Image of a cat extracted from the tree image above.

Learn more at Wikipedia.

chaosophia218

Cicada 3301. Cicada 3301 is perhaps the most mysterious seemingly Internet-based organization in the history of online mysteries. Since 2012, the group has posted numerous puzzles online under that name and has made no reference as to what it does or even where it is from. No one knows who runs it, assuming it really is an organization, or even the name of a single member. Cicada 3301 is able to keep its reputation with so little information strictly because of the interesting scavenger hunt of sorts it has released for three years running.

It all started on January 5, 2012 when a 4chan user posted a steganography clue on the “random” board. The image stated that Cicada 3301 was looking for “intelligent” people. In fact, the word used was “recruiting.” For what, no one has said and Cicada 3301 is certainly keeping it a secret. The image hid a clue that takes some level of specialized knowledge to find. It involved a Caesar cipher, which is pretty standard crypto, but the rest took at least some technical knowledge.

From there, and in future puzzles, clues varied greatly in skill-set necessary for solving and even location. Some of the clues were in physical locations, making it necessary for people who could not reach the clues to use posts on the Internet to get further in the hunt. Moreover, some of the references in the clues are pop culture, literature and other non-tech topics. Some have touted the Cicada 3301 puzzles as unsolvable. This is not true. Several have solved the hunt and have allegedly received emails from the organization. Still, no one has come forward and stated what they were recruited to do, if anything. Judging by the puzzles, it is possible that Cicada 3301 is simply a cyber group like Anonymous. Of course, there is also the possibility that it is really MI6, the CIA or a similar organization. Information security, cryptography and a number of other skills necessary to crack the puzzles offered by Cicada would be helpful to virtually any large organization, which makes it hard to discover who is behind it. In fact, this would not be the first time an organization used such tactics to recruit new members. We have to assume that Cicada succeeded on that front, as it stated that it found the people it needed after the first puzzle. It began all over again on January 5, 2013 and again on January 5, 2014, so it must be an ongoing recruitment effort. At this juncture, it is impossible to tell when these recruitment efforts from Cicada 3301 will stop, but that is not stopping people from looking forward to the next year’s puzzles. It may not be a very public honor, but it must be satisfying to know you have reached the end of one of the most famous puzzles in Internet history.

“Cicada 3301″ - world famous cryptography and steganography photo

#steganography #hackers anon #cryptography #Cicada 3301

Hacking someones computer with just an image.

This week the hacker news brought to light how simple is it to use an image to compromise someone’s computer. Dubbed Stegano, it is derived from the word Steganography, which is a technique of hiding messages and content inside a digital graphic image, making the content impossible to spot with the naked eye.

Video on Steganography:

Stegano takes effect once a user visits a site hosting malicious advertisement, the malicious script is embedded in the ad which then compromises information about the victim's computer and then sends the information to the attacker's remote server without any user interaction. The malicious code inserted then uses the CVE-2016-0162 vulnerability in Microsoft's Internet Explorer (IE) browser in order to scan the target computer to see if it is running on a malware analyst's machine. After verifying the targeted browser, the malicious script redirects the browser to a website that hosts Flash Player exploits for three now-patched Adobe Flash vulnerabilities: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117. Thus, with the vulnerable Adobe Flash installed the hacker can now exploit these vulnerabilities and use that to gain root access to the victim’s computer. With root access the hacker can access any files on the victim’s computer and use it as a bot in an DDOS attack.

Stegano-Attack Diagram:

(Tuesday, December 06, 2016)

#steganography #stegano #image hacking #vulnerablities #adobe flash #hacking #ddos #cybersecurity

311i0t-r0b0t

luminis-mercurio

Our democracy has been hacked -mr.robot

Operation Avalanche

On December 1st the United States, United Kingdom, and Europe publicly stated that they were involved in the dismantlement of a international cyber based crime scheme nicknamed “Avalanche”. Avalanche was a distributed, cloud-hosting network that has been used for countless cyber crimes over the past seven years. Avalanche overall consisted of 39 Web servers and 830,000 web domains. It’s foundation as a criminal cloud-hosting environment attracted scammers, spammers and has been a major source of Cyber-crime for years. In 2009, when investigators say the fraud network first opened for business, Avalanche was responsible for funneling roughly two-thirds of all phishing attacks aimed at stealing usernames and passwords for bank and e-commerce sites. By 2011, Avalanche was being heavily used by crooks to deploy banking Trojans.

“At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.”

The Avalanche network was especially resilient because it relied on a hosting method known as fast-flux, a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind an ever-changing network of compromised systems acting as proxies

Visualization of how Avalanche worked:

#avalanche #phising #cybercrime #hacking scheme #web-based hacking #bank account fraud #money laundering #money muling #malware #trojans

“Your email account may be worth far more than you imagine.”

#hacked email #luring #phising #email #hacker #cybersecurity

Ransomware Takes Over MUNI

About a week ago on November 29th, The San Francisco Railway System was hacked in an interesting fashion. With the new uprising in certain attack vectors for Ransomware, it is becoming more common for you to be at risk to this type attack.

Ransomware : a type of malicious software designed to block access to a computer system until a sum of money is paid.

San Francisco's Municipal Transportation Agency, also known as MUNI, offered free rides on November 26th after MUNI station payment systems and schedule monitors got hacked by Ransomware and station screens across the city started displaying a message that reads:

According to the San Francisco Examiner, MUNI confirmed a Ransomware attack against the station fare systems, which caused them to shut down ticket kiosks and make rides free this weekend. The hacker in control of that email account said he had compromised thousands of computers at the SFMTA, scrambling the files on those systems with strong encryption. The files encrypted by his Ransomware, he said, could only be decrypted with a special digital key, and that key would cost 100 Bitcoins, approximately $73,000.

Oddly enough this email and form of hack the hacker was implementing had been involved in many other hacks this year. The same email address, [email protected], was linked to a Ransomware strain called MAMBA in September. The Ransomware employs tactics similar to those demonstrated against the MUNI systems.

If you read further on the article many other cyber security experts and follower have come forward with further information on other hacks this cyber criminal has committed.

#ransomware #mamba #cryptom27 #cybersecurity #cybercrime #railway hack #MUNI