World cyber news is online news media.we bought daily hottest news occuring in the world related to cyber.. We propogate news specially related to hacking, technology updates , cyber world updates....
Vulnerability in world's one of the most using social networking site on mobile(http://qeep.com , http://qeep.mobi) has found.
According to Team QEEP is Vulnerable to a Serious type of XSS attack.It can be XSSed by pushing the script. Through using the Script any malicious coder will be able to Track hpage Cookies and Can hack the whole site.Vulnerability has been reported to Website Admin.
As he requested us not to publish vulnerable links for their Security.so, we are not publishing.
Vulnerability in world's one of the most using site (HPAGE) for creating free websites.
HPAGE is vulnerable to a Serious type of XSS attack.It can be XSSed by pushing the script. Through using the Script any malicious coder will be able to Track hpage Cookies and Can hack the whole site.Vulnerability has been Reported to Website Admin.
We all are already aware with INDIAN CYBER ARMY .INDIAN CYBER ARMY have just posted on their blog announcing that New products and Services are going to be launched in New year. lets Read more news in their Words
"Dear Friends,
As 2011 comes to a close, we would like to thank you for contributing to our success and for your support through all the great times. We hope that the New Year brings you much joy and success. We look forward to working with you in the New Year and hope that our business relationship lasts for many more years to come.
Looking Back at 2011:
2011 has been a remarkable year for us with a slew of Programs, Promos and Products launched. Here’s a look back at everything we achieved in association with our partners and patrons
With each passing year we grow and learn..with each passing year we progress...yes there are defeats..yes there are regrets, but we need to be strong and rational for years to come.
IN upcoming new years we are going to launch many new services and Training programs with our new partners / Members and Association company.we hope that we will get your support and Trust upon us more than previous year.
Hope you’re ready for a revolutionary change in the field of CYBER WORLD with us 2012!
Regards, Team Indian Cyber Army www.indiancyberarmy.org"
Lynis is an auditing tool for Unix (specialists). It scans systems to detect software and security issues. Besides security-related information, it will also scan for general system information, installed packages, and possible configuration mistakes. The software is aimed at assisting automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
Official Change Log:-
Profile option: ignore_home_dir TCP wrappers category added Tooling category added Initial extensions to support plugins in the future Test for unpurged Debian packages [PKGS-7346] Test for compiler permissions [HRDN-7222] Converted all dates to ISO format and updated copyright lines Correct suggestion for file integrity tool [FINT-4350] Added hint when RPM list is empty on DPKG based systems [PKGS-7308] Changed logging for /etc/security/limits.conf file [KRNL-5820] Fixed incorrect warning for single user mode [AUTH-9308] Improved output for stratum 16 time servers [TIME-3116] Added suggestion and screen output for kernel hardening [KRNL-6000] Screen layout optimalizations and log file improvements Improved list/layout of scan options Improved binary check for compilers Added configuration option in scan profile (show_tool_tips, default true)
Microsoft published Security Advisory 2659883 to provide a workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various Web platforms industry-wide. This vulnerability affects all versions of Microsoft .NET Framework and could allow for an unauthenticated denial of service attack on servers that serve ASP.NET pages. Sites that only serve static content or disallow dynamic content types listed in the mitigation factors below are not vulnerable. The vulnerability exists due to the way that ASP.NET processes values in an ASP.NET form post causing a hash collision. It is possible for an attacker to send a small number of specially crafted posts to an ASP.NET server, causing performance to degrade significantly enough to cause a denial of service condition. Andrew Storms, director of security operations said: "This isn’t your average DoS attack because it doesn’t take a botnet or a lot of coordination to take a web server down. Most DoS attacks rely on a huge number of small requests targeted at a specific web server to overwhelm it. In this case, a single request can consume a single core for 90 seconds. Queue up a few of these requests every few minutes and the site will be essentially knocked offline."
For More Information About This Vulnerability Click Here
MANILA, Philippines—The Philippine National Police has taken steps to guard against hacking and other breaches in computer security after a series of incidents involving the defacement of the Web sites of several police offices in June and September, officials said on Thursday.
It said it created the “Technical Committee on Website Hacking and Other Related Incidents” headed by Senior Superintendent Joel Victor V. Canapi, chief of directorial staff of the PNP’s Information Technology Management Service (ITMS), to respond to the hacking incidents.
The committee studied the nature of the incidents in June and September, in which hackers disabled the username and password functions on the Web sites of 10 police offices, PNP spokesperson Chief Superintendent Agrimero Cruz Jr. said in a statement.
After the study, which began on Nov. 10, the committee recommended a careful review of the service level agreement with the Web sites’ hosting providers, “taking into consideration the inclusion of adequate security features,” Cruz said.
It also called for the continuous monitoring of the Web sites in order to preempt other attempts to breach security, as well as the employment of additional security features by installing security plug-ins or add-ons into the back-up files and its complementary security applications, the official added.
In June, 10 PNP Web sites were defaced, including those of the Highway Patrol Group, Police Security and Protection Group, Police Community Relations Group, Directorate for Human Resource and Doctrine Development, Headquarters Support Service, and the Directorate for Investigation and Detective Management, as well as of Police Regional Offices 9, 13 and 11.
Hackers identified as “Terroriste_Mc,” “Cocain Team” and “Cyb3r- DZ” disabled the username and password of the Web sites’ back-end and front-end pages, the investigation showed.
The same incident occurred in September when the Web sites of PRO 9 and PRO 13 were defaced by the “UrduHack Team” and “LatinHack Team,” Cruz said.
Upon corresponding with allied international organizations against cyber threats, the committee learned that the hackers responsible for the June incidents were Turkish, Iranian and Arabian nationals, while those responsible for the September hacking were Pakistanis and South Americans.
Initial responses performed by the Web administrators of the hacked sites included temporary stoppage of Web service and restoration of their back-up files, Cruz said.
On Nov. 22 to 24, Web administrators of the police sites underwent a seminar to learn the latest updates on security threats and to enable them to defend their sites from cyber attackers.
Mobile malware, hacktivism and the Arab Spring have converged in an online security threat called Android.Arspam by Symantec.
Based on Symantec's research, the malicious Trojan was distributed through forums focusing on Middle Eastern issues and used the Android operating system to grow and spread.
"The Middle East has undoubtedly seen a rise in hacktivism and cybercrime in 2011, not only is it an emerging market that has great financial appeal for cybercriminals but the region plays host to an increasingly connected and mobile online community that offers great scope for those looking to exploit these devices to reach a wider audience. The Arab Spring is just one of many trending topics that are attracting a higher volume of online traffic which is essentially where the low hanging fruits lie," said Bulent Teksoz, chief security strategist, Emerging Markets, Symantec.
The Android. Arspam Trojan was embedded into a fake copy of a popular Islamic compass app available on the Android Market. The real version of the app was not affected.
After users install the app, the code goes to work in the background as a service called alArabiyyah. The Trojan randomly picks one link from a list of eighteen and then sends out an SMS message to every contact in the address book of the compromised device, sending them a link to a forum site. According to Symantec, each forum site has identical content and appears to be a tribute to Mohamed Bouaziz.
"In a way, this threat is a testament to the rise of hacktisivm. Attacks like Android.Arspam further offer hacktivists and cybercriminals targeting this region an opportunity to test and develop their methods. It is of crucial importance that individuals and organisations secure themselves across all devices as these ‘gateway' threats become more sophisticated and potentially harmful," said Teksoz.
Hyderabad: The total number of reported crime cases in Hyderabad Commissionerate limits has dropped by around 13 per cent during 2011 when compared to last year, a top police official said on Thursday.
"The overall crime cases decreased from 16,703 last yearto 14,718 this year. However, cyber crimes went up to 68 casesagainst 53 last year," Hyderabad Police Commissioner A K Khantold reporters at a press conference here. Offences pertaining to murders, robbery and dacoity,house breaks, theft, kidnappings, cheating among other relatedcrimes saw a drop, Khan said, adding there was an increase ofsnatching cases to 884 from 851 in 2010.
Though, overall crime cases against women fell to 1,623 this year when compared to 1,779 during the previous year,rape cases went up to 56 this year as against 43 in the yearbefore, he said and pointed out that in most of the cases theaccused and the victim knew each other and lived together.
"It is proposed to create three more women policestations in addition to the existing three women policestations in the city," Khan said.
With the number of religious and other processionsgetting doubled in the last five years in the city, Khan saidthere was a need to hold discussions with religious leadersand to restrict such processions as it was necessitating heavybandobust arrangements.
"Large number of officers and police personnel arerequired to make arrangements and maintain peace during theseprocessions. Such force could be otherwise utilised for bettercrime control and law and order maintenance," the policecommissioner said.
Khan said as many as 43 police officials were placedunder suspension and dealt with disciplinary proceedings fortheir alleged involvement in crime cases.
Last month we have published a article which was saying that HP LaserJet Printers have serious security flaws. Columbia University Researchers have discovered a vulnerability in some Hewlett-Packard (HP) LaserJet printer lines that could allow attackers to install a modified firmware to steal information, run attacks from within a network or cause physical damage to the printer. The exploit made known in the report was based on HP LaserJet printers that allow firmware upgrades through a "Remote Firmware Update" process. Because the printers don't verify the source, and because firmware updates don't come packed with a signature, anyone can send a virus-laden document to the printer which would instruct the printer to erase its current firmware and install a malware-laced version. Hackers can even do this on printers configured to accept print jobs via the Internet. Once news of a potential hacker-ignited fire began to circulate, HP quickly retaliated to the Columbia University finding, stating that a potential fire stemming from a firmware change was false. "HP LaserJet printers have a hardware element called a 'thermal breaker' that is designed to prevent the fuser from overheating or causing a fire," HP said in a statement. "It cannot be overcome by a firmware change or this proposed vulnerability."
On December 23, HP issued a news release reiterating that no customers had reported unauthorised access to their LaserJet printers, and offered a firmware update that the company said would ''mitigate this issue''. The update is available on the company's support website, in the ''Drivers'' category.
The hacktivist group Anonymous claimed this week that it took down a dozen Egyptian government websites using distributed denial of service (DDoS) attacks in retaliation for the government’s treatment of protestors. Egyptian protestors have been demonstrating in Cairo, demanding that the military government that took over after the ouster of President Hosni Mubarak move faster on democratic reforms. The Egyptian military police began a crack down on the protectors last weekend. In response, Anonymous said it launched DDoS attacks against government websites, including the website of the president’s office and the bureau for tourism. The hacktivist group took responsibility for the attack on at least one Brazilian operations page, saying the attacks are in response to the treatment of protesters in Egypt.
Flaws in a widely used wireless technology could allow hackers to gain remote control of phones and instruct them to send text messages or make calls, according to an expert on mobile phone security.
They could use the vulnerability in the GSM technology -- which is used by most telecom operators globally and by billions of people -- to make calls or send texts to expensive, premium phone and messaging services in scams, said Karsten Nohl, head of Berlin-based Security Research Labs.
Nohl is a well-regarded expert on mobile security who last year identified a bug in GSM technology that makes calls vulnerable to tapping. He says he is calling attention to these flaws to pressure the industry into beefing up the security of their products.
Mobile security is a hot issue because hackers are paying unprecedented attention to the devices as smartphone sales have outpaced sales of PCs.
Only a few flaws have been found in GSM technology - which stands for Global System for Mobile Communications - over its 20-year history. Industry lobby group GSMA said on Tuesday it did not expect the new findings to affect its views on the security of the technology.
"The GSMA and its mobile network operator members are confident in the security of existing 2G GSM networks and real attacks on real networks against real customers are most unlikely," it said in a statement, adding that newer technologies are safer and not impacted by the new research.
GSMA's statement "on anticipated GSM security announcements" did not make clear whether the industry group had actually seen Nohl's latest research.
Security experts have previously identified a small number of viruses designed to infect smartphones, allowing hackers to take control of the devices and force them to make calls or send text messages. But Nohl said he has discovered a way to leverage previously disclosed vulnerabilities in GSM technology that could potentially threaten hundreds of thousands of phones.
"We can do it to hundreds of thousands of phones in a short time frame," Nohl told Reuters ahead of a presentation on the topic at a hacking convention in Berlin on Tuesday.
SECTOR IN FOCUS
Smartphone malware is popping up at an unprecedented rate as people put more and more valuable information on the devices, using them to hold corporate secrets, conduct banking and function as digital wallets.
GSM became the dominant mobile technology globally in the late 1990s and even though new, faster mobile networks have been rolled out across the world, operators have stuck to their GSM networks to support older phones and to offer service when new networks fail.
The Berlin convention takes place just days after U.S. security think tank Strategic Forecasting Inc (Stratfor) said its website had been hacked and that some names of corporate subscribers had been made public. Activist hacker group Anonymous claimed responsibility.
Attacks on corporate landline phone systems are fairly common, often involving bogus premium-service phone lines that hackers set up in countries in Eastern Europe, Africa and Asia.
Fraudsters make calls to the numbers from hacked business phone systems or mobile phones, then collect their cash and move on before the activity is identified.
The phone users typically do not realize the problem until after they receive their bills, and telecommunications carriers often end up footing at least some of the costs.
Even though Nohl will not present all details of possible attacks at the conference, he said hackers will usually replicate the code needed for attacks within a few weeks.
T-MOBILE, SFR LEAD NEW RANKING
Mobile networks of Germany's T-Mobile and France's SFR offer their clients the best protection against online criminals wanting to intercept their calls or track their movements, according to a new ranking Nohl will unveil at his presentation.
The new ranking, at gsmmap.org, is conducted by security researchers, who hope this will heighten the awareness of operators and consumers on the vulnerability of their mobile communications.
Researchers reviewed 32 operators in 11 countries and rated their performance based on how easy it was for them to intercept the calls, impersonate someone's device or track the device.
"None of the networks protects users very well," Nohl said.
The sample is set to grow from 32 carriers dramatically next year as the tool enables anyone to participate in data gathering
by downloading measuring software to their phones.
Nohl said mobile telecom operators could easily improve their clients' security, in many cases by just updating their software.
Researchers reviewed operators in Austria, Belgium, the Czech Republic, France, Germany, Hungary, Italy, Morocco, Slovakia, Switzerland and Thailand.
Last week unknown hackers invaded Chinese cyberspace and stole personal credentials belonging to millions of the country's netizens. And, to make things worse for the victims, now it seems like all the stolen information including their names, email ID, password etc. have been posted online.
According to reports, the Chinese Software Developer Network (CSDN) was breached in the incident and its user database has been made available for public download. The database reportedly contains the emails and passwords of all its 6 million registered users.
The Chinese Software Developer Network happens to be the most popular website in the country for programmers.
"A lot of Chinese internet companies are poorly constructed, with low quality technical input. Backend websites are not up to par with mainstream standards, so actually I'm not surprised that this kind of hacking happened," Xie Wen, Former President, Yahoo China stated.
"I believe the user data of 90% of Chinese websites can be hacked by someone with very basic skills," he added.
It seems that the hunter has become the hunted with the latest hack as China has always been pin pointed by many world governments including the likes of the US, UK, Japan and India etc. as the source of an overwhelming proportion of organised cybercrimes taking place today.
Hackers used a security flaw to infiltrate online shopping mall giant 360Buy in the past week, giving users access to other users' names, home addresses, phone numbers and e-mail addresses, the Dong Fang Daily reports.
The incident follows on the heels of another major online hacking scheme when the personal information of more than 60 million internet users on the China Software Developer Network was leaked on December 21.
WooYun, a data leak reporting website,
said Tuesday that 360Buy called the incident a medium-level security threat and promised to handle it immediately, although the company did not confirm that some of its users had access to other users' personal data.
Li Daxue, Vice President of the company's Information Department, said 360Buy had taken action to close any system gaps and attempted to contact the party who issued the information about the data leak, although no one responded.
More than 1 billion internet users recently have been subjected to personal information leaks on 10 websites. Many websites infiltrated by hackers have notified the police, but no one has claimed responsibility for the incidents.
One internet security expert said web users should change their passwords frequently and reset the security levels on the websites as soon as possible.
LAHORE: The Federal Investigation Agency’s (FIA) National Response Centre for Cyber Crimes has arrested a man allegedly involved in making and using counterfeit credit cards by hacking card holders’ data. The investigators suspect involvement of some NADARA officials in the crime.
An FIA official told World Cyber News that the accused, Tanveer Iqbal, obtained computerised national identity cards (CNICs) data possibly with help from some Nadra officials, to produce fake credit cards in his name and names of his accomplices. The official said that the criminals used CNICs that were returned to Nadra for correction of spellings, date of birth and address.
The gang members hacked credit cards using data on the CNICs and used them for larger transactions. He said the gang members had a digital device through which they transferred their data on blank credit cards.
The gang used magnetic strip read and writing (MSRW) machine to rewrite data on credit cards.
One of the affected, identified as Chaudhry Tahir Amin, whose CNIC was recovered from Iqbal, told the investigation officer that he had returned the ID card to a Nadra office in Gujranwala seeking correction in his date of birth. He said a few weeks later, he received the new card with the correct date of birth. Two more CNICs with the same number but bearing different pictures and names were recovered from the suspect.
The case was brought to FIA’s attention after Amin filed a complaint at United Bank Limited’s Fraud Risk Management Unit.
Iqbal was reportedly caught red handed by a police team headed by Inspector Malik Tariq Masood while using the fake card. They also recovered two counterfeit credit cards, a laptop and an MSRW machine from him.
According to an FIA report, the gang has so far used these fake cards at UBL point of sale machines at Metro Cash and Carry in Thokar Niaz Baig in Lahore.
The recovered credits cards, laptop and the MSRW machine has been handed over to the concerned forensic expert for providing technical report. However, the actual loss calculation report from UBL and the forensic report from a technical expert are awaited.
Speedbit Search engine is vulnerable to a particular type of XSS attack.It can be XSSed by first adding a normal string at the beginning and then pushing the script. Since the search engine has implemented XSS filtering so it can be bypassed by crafting a different vector.
TeamViewer 7 for Windows was released about a month ago now the Ver 7 is available for Linux though its a beta release. TeamViewer is an application for remote control, desktop sharing and file transfer between computers, great for meetings, presentations, support and more. It runs on Windows, Mac OSX, Linux (even though it comes in a .deb or .rpm, it uses Wine which comes bundled with it) as well as Android or iPhone. The application is free for personal use only.
What is New In TeamViewer 7 :-
Enhanced multi-monitor support An integrated screenshot tool Record presentations Save connection settings per Computer (store individual connection settingsfor each computer in your Computers & Contacts list) - see the first screenshot in the post Instant meeting (you can start your meeting even before adding any participants - ideal for preparation and testing) Scheduled meetings Mobile participation via Android / iOS client File Box (make files available for download during meeting)
All most every cellular networks are vulnerable said A German security researcher. In an exclusive report New York Times it is said that Networks that use the GSM standard are vulnerable because of the way in which they handle commands, German researcher Karsten Nohl told AllThingsD on Monday. GSM networks are common throughout the world and are used in the U.S. by AT&T and T-Mobile USA. Nohl, who is presenting his research in Germany on Tuesday, studied 11 countries and was able to hack into both voice and text conversations, using a seven-year-old Motorola phone along with widely available decryption software, according to the Times report. At the heart of the vulnerability is the fact that network commands are sent in the simplest of computer code, basically amounting to a message like “I have a call for you.” A range of options for randomizing the data can easily improve the security, but Nohl said that the carriers have varied widely in how well they implement protection. Each GSM command is exactly 23 bytes long. In most cases, Nohl said, that leaves room for carriers to send random data that makes the messages harder to intercept. However, some messages use the full 23 bytes, requiring a more sophisticated workaround to make things secure. In Morocco, for example, one carrier sends messages with no attempt at encryption whatsoever. “That doesn’t happen in Europe,” Nohl said. “However, we are still very far away from reasonable protection.” It’s also hard to guess which networks are best-protected without studying them. “It’s pretty unpredictable which network will be configured how,” Nohl said. While Vodafone did pretty well on its British network, its German subsidiary has a less secure network. Nohl said the vulnerability is limited to the oldest 2G variant of the GSM networks, but since all GSM phones support the 2G network, that leaves all such phones vulnerable. Although Nohl’s research focused on European countries, along with Morocco and Thailand, carriers elsewhere could be vulnerable unless they use better encryption than their European counterparts. Representatives for AT&T and T-Mobile USA were not immediately available for comment. Nohl told AllThingsD that he will release a tool on Tuesday for people to check the vulnerability in their area.
Newly formed but dangerous hackers group The Hackers Army has declared Operation Freedom Palestine. Earlier they has made their reputation on the cyber world by hacking many high profile sites including Hacktivist Anonymous site Anonyops.com. They sent the website offline for more than 24 hrs. It was just the beginning later they hacked the Official Site of President of Guyana, Bharatiya Janata Party (BJP), israili server rooted and many more.
Official Press Release of The Hackers Army:-
We The Hackers Army Is Engaging #Op Freedom Palestine.. Attack Will Be Random And We Will Engage Our Operation 0n New Year Eve...Here's The Message....
Greetings NATO Countries,
We The Hackers Army Are Going To Engage #Op Freedom Palestine 0n New Year Eve!!!
When All Of You Are Celebrating Your Success In Killing Children, Raping Women And Imprisoning Innocent Men. There Is A FaCt That Israel
Has Been Taking Over Palestine Brutality.
A Message To World,
Now, 63 years have passed since the
Israeli Declaration of Independence
and the Palestinian children, women
and men are being killed and murdered
on a daily basis, their lands are stolen and their properties are confiscated.
Despite the brutality of the Israeli
regime, the world including the
dispassionate and neutral Arab states
of the Persian Gulf, watch the agony
and suffering of the Palestinian nation with apathy and indifference.
Sixty-three years ago the Zionists
demolished 438 Palestinian villages
and poisoned or destroyed wells to
ensure that their rightful owners would
not return. Today, Zionists keep on behaving more or less along the same
traditions, demolishing homes,
destroying farms, and narrowing
people’s horizons, all with the goal of making them emigrate.
Israel celebrates freedom while more than nine million Palestinians are
treated like slaves or children of a lesser
God, some languishing in refugee
camps, also for 63 years, or subjected
to horrible conditions such as mass
detention, collective starvation, daily persecution, with no freedom and very
little hope for a better tomorrow.
According to Palestine News Network,
Nakba demonstrations are expected to
take place all over the West Bank, Al-
Quds, Gaza and the countries across the world.
Fearing the possible massive
gatherings of the Palestinian citizens in
the occupied territories, the Israeli
forces have adopted tough security
measures ahead of the Nakba Day protests and arrested several
Palestinians.
You can imprison our PALESTINIAN Brothers but you cannot imprison our hope. We will fight till the end, and we are coming to take revenge.
Always Remember Whenever death may surprise us, Let it be welcome if our battle cry has reached even one receptive ear and another hand reaches out to take up our Cause...
Ubertooth is an open source 2.4 GHz wireless development platform suitable for passive bluetooth monitoring. It aims to be the world’s first open source and affordable bluetooth monitoring and development platform. It contains both – hardware and software.
Official Change Log:-
ToorCon 13 Badge: This is a special Ubertooth design made for ToorCon 13. Hardware design files and firmware source code are part of Project Ubertooth. For more information, see: http://greatscottgadgets.com/tc13badge/ Pogoprog update: The hardware design has been updated. It now uses Micro USB, has a secondary pin header, a more ergonomic PCB shape, and other small changes. Pogoprog can be used to write firmware to the LPC175x on all Ubertooth designs as well as the R8C microcontroller on the ToorCon 13 Badge. ubertooth-dump -f: The -f option tells ubertooth-dump to output the full USB data stream, not just the baseband symbol data. The -i option on ubertooth-lap, ubertooth-uap, etc. support file input of this type and can take advantage of timestamp information. Mostly this is useful for test and development. ubertooth-hop: So far this new command line tool only does hop reversal, an intermediate step toward frequency hopping.
Yesterday we have covered a story which was saying thatYesterday we have covered a story which was saying that U.S. Security Think Tank Stratfor was hacked by Anonymous. Later Anon authority completely denied this hack. In the official press release anon clearly said that Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait. They have also confirmed that the hackers - who may be linked to Sabu of LulzSec fame - managed to steal Stratfor's confidential client list and mined over 4,000 credit card numbers, passwords and home addresses." U.S. Security Think Tank Stratfor was hacked by Anonymous. Later Anon authority completely denied this hack. In the official press release anon clearly said that Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait. They have also confirmed that the hackers - who may be linked to Sabu of LulzSec fame - managed to steal Stratfor's confidential client list and mined over 4,000 credit card numbers, passwords and home addresses.
Press Release of Anonymous:- "Emergency Christmas Anonymous Press Release
-------------------------------------------
12/25/2011
THE STRATFOR HACK IS NOT THE WORK OF ANONYMOUS
Stratfor is an open source intelligence agency, publishing daily reports on data collected from the open internet. Hackers claiming to be Anonymous have distorted this truth in order to further their hidden agenda, and some Anons have taken the bait.
The leaked client list represents subscribers to a daily publication which is the primary service of Stratfor. Stratfor analysts are widely considered to be extremely unbiased. Anonymous does not attack media sources. In this excerpt from Time, there is a brief description of how Stratfor analysts uncovered a possible US backed coup in Iraq preceding the US invasion.
"In the past month Stratfor has drawn attention to a carefully assembled open-source report that asserted that last month's attack on Iraq wasn't intended just to punish Saddam Hussein for blowing off U.N. weapons inspectors. By sorting through thousands of pieces of publicly available data--from Middle East newspapers to Iraqi-dissident news--Stratfor analysts developed a theory that the attacks were actually designed to mask a failed U.S.-backed coup. In two striking, contrarian intelligence briefs released on the Internet on Jan. 5 and Jan. 6, Stratfor argued that Saddam's lightning restructuring of the Iraqi military, followed by executions of the army's Third Corps commanders, was evidence that the coup had been suppressed. Predictably, U.S. officials said the report was wrong."
Stratfor has been purposefully misrepresented by these so-called Anons and portrayed in false light as a company which engages in activity similar to HBGary. Sabu and his crew are nothing more than opportunistic attention whores who are possibly agent provocateurs. As a media source, Stratfor's work is protected by the freedom of press, a principle which Anonymous values greatly.
This hack is most definitely not the work of Anonymous.
Sensitive information about the Department of Prime Minister and Cabinet and other New Zealand agencies can be the next target after US host was hacked. US intelligence firm Stratfor had its website hacked by activist group Anonymous on Monday and data including credit card details of its clients, was stolen. The hackers claim Stratfor's more than 4000 clients include the US Defence Department, Microsoft, New Zealand Police, New Zealand Fire Service and Air New Zealand.
A spokesperson for the Department of Prime Minister and Cabinet, Rob Mackie, says it's confident no information's at risk, but was looking into whether anything had been compromised. Stratfor's website remains under maintenance since the cyber attack. He says the bigger concern is whether Stratfor is worth subscribing to, considering they were unable to keep their own information secure.
BAE Systems is better known for submarines and fighter jets than helping protect vulnerable children, but its cyber-security arm Detica has won recognition for its work with the Child Exploitation and Online Protection Centre to track down internet sex abusers.
Cyber-crime: Detica's high-tech systems can rapidly sift enormous amounts of data and identify patterns.
Detica has been appointed a strategic partner by CEOP after its high-tech systems, which can rapidly sift enormous amounts of data, dramatically reduced the time taken to identify offenders and safeguard children at risk.
It saved 330 working days for CEOP during Operation Rescue, a three year investigation by international police forces led by a UK team, which shut down the world’s biggest internet paedophile ring discovered to date.
The global forum had 70,000 followers at its peak, leading to 4,000 intelligence reports being sent to police across 30 countries. Operation Rescue is still going on and so far has targeted 240 offenders in the UK, arrested 121 and protected 60 children.
CEOP was set up in 2006 and is affiliated to the Serious Organised Crime Agency. It has built a huge bank of knowledge on how offenders think and behave.
Detica’s expertise is in tackling cybercrime and terrorism, with clients including governments. It also works for banks and insurance companies which want to detect and prevent fraud, and other businesses looking to protect themselves.
Its technology is capable of sifting through mountains of seemingly disparate data and identifying patterns that otherwise would be virtually impossible to spot.
In the case of paedophile rings, Detica can sieve through tens of thousands of internet messages and produce ‘risk scores’ on individuals, based on the language they use and their postings.
It has produced bespoke data analysis tools to reconstruct conversations, to produce profiles of suspects and to prioritise intelligence dossiers in a fraction of the time this would take using conventional methods.
‘The work we have done has freed up people at CEOP to concentrate on investigative work instead of being tied up with data processing,’ said Martin Sutherland, managing director of Detica.
WASHINGTON - US intelligence analysis firm Stratfor has warned its members whose emails and credit card information were hacked that they could be targeted a second time for speaking out on behalf of the company.
Online "hacktivist" group Anonymous claimed Sunday via Twitter that it had stolen a trove of emails and credit card information from Stratfor's member subscribers, pledging to carry out additional attacks.
"It's come to our attention that our members who are speaking out in support of us on Facebook may be being targeted for doing so and are at risk of having sensitive information repeatedly published on other websites," Stratfor said.
"So, in order to protect yourselves, we recommend taking security precautions when speaking out on Facebook or abstaining from it altogether," it said on its Facebook page, which it has used to communicate since its website was compromised.
Hackers provided a link on Twitter to what they said was Stratfor's private client list, which included the US Defense Department, Army, Air Force, law enforcement agencies, top security contractors and technology firms like Apple and Microsoft.
Stratfor however said the disclosure was "merely a list of some of the members that have purchased our publications and does not comprise a list of individuals or entities that have a relationship with Stratfor beyond their purchase of our subscription-based publications."
The hackers also posted images online claiming to show receipts from donations made by the hackers on behalf of some of Stratfor's members by using their credit card data.
The hackers said they were able to obtain the information in part because Stratfor did not encrypt it, which could prove a major source of embarrassment to the global intelligence firm.
Stratfor's website was still down as of Monday evening.
Anonymous has been involved in scores of hacking exploits, including the recent defacing of a website of Syria's Ministry of Defense to protest a bloody crackdown on anti-government protesters.
Last year, the shadowy group launched retaliatory attacks on companies perceived to be enemies of the anti-secrecy website WikiLeaks.
