Channel: Cyberwarzone - hacking

The crowd-funding site Kickstarter has been Hacked

The crowd-funding site Kickstarter has been hacked! The company has advised its users to change their passwords.

The popular crowd-funding website Kickstarter is the latest victim of a data breach, and all users are being asked to change their passwords to avoid further problems. The news was confirmed by Kickstarter CEO Yancey Strickler, who revealed that the company was hacked by an unknown hacker last week.

Kickstarter is a platform for raising funds for private projects: users pledge a variable amount of money in return for certain levels of rewards from the project owner. During account creation, supporters provide their credit card information, which is used to charge the cards once a project they have supported reaches its funding goal.

Kickstarter published an official announcement confirming the data breach and stressing that no credit card information was stolen. The hackers stole users' personal information, but the company has found no evidence of unauthorized activity on accounts.

"On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."

Kickstarter has more than 5.9 million registered users. Although the company hasn't said how many accounts were compromised, it is clear that the situation could be very serious.

Data stolen by hackers included usernames, phone numbers, email addresses, mailing addresses and encrypted passwords of the users. 

A Kickstarter team member confirmed that older users' passwords were hashed with salted SHA-1, while newer users' passwords are hashed with a stronger algorithm, bcrypt.
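A store that holds both old salted SHA-1 records and newer slow-hash records usually upgrades the old ones when the user next logs in. The sketch below is an added example, not Kickstarter's code: the record layout, the salt-then-password order and the function names are assumptions, and the standard library's scrypt stands in for bcrypt, which is not in the Python standard library.

```python
import hashlib
import hmac
import os

# Hypothetical record layout for this example: "scheme$salt_hex$digest_hex".
# scrypt is used as a stand-in for bcrypt (an assumption, see lead-in).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def legacy_sha1_record(password, salt):
    """Build an old-style record: a single fast SHA-1 pass over salt + password."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return "sha1$%s$%s" % (salt.hex(), digest)


def slow_record(password):
    """Build a new-style record with a fresh random salt and a slow, memory-hard KDF."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)
    return "scrypt$%s$%s" % (salt.hex(), digest.hex())


def verify_and_upgrade(password, record):
    """Check a login attempt against a stored record.

    Returns (ok, replacement). replacement is a new slow-hash record when a
    legacy SHA-1 record verified, so the caller can overwrite the weak record;
    otherwise it is None.
    """
    scheme, salt_hex, digest_hex = record.split("$")
    salt = bytes.fromhex(salt_hex)
    pw = password.encode("utf-8")
    if scheme == "sha1":
        candidate = hashlib.sha1(salt + pw).hexdigest()
        if hmac.compare_digest(candidate, digest_hex):
            # The plaintext is only available at login, so this is the moment
            # a legacy record can be replaced with a stronger one.
            return True, slow_record(password)
        return False, None
    if scheme == "scrypt":
        candidate = hashlib.scrypt(pw, salt=salt, **SCRYPT_PARAMS).hex()
        return hmac.compare_digest(candidate, digest_hex), None
    raise ValueError("unknown hash scheme: %r" % scheme)


if __name__ == "__main__":
    # Constructed sample record, not real data.
    old = legacy_sha1_record("correct horse", bytes.fromhex("00112233445566778899aabbccddeeff"))
    ok, upgraded = verify_and_upgrade("correct horse", old)
    print(ok, upgraded.split("$")[0])
```

Accounts that never log in again keep their SHA-1 record under this scheme, which is why a breach of such a store still calls for a password reset.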

As usual, victims are advised to change their passwords on Kickstarter and on any other web service that shares the same credentials to avoid a domino effect, since hackers could attempt to crack the encrypted passwords.

Although Kickstarter was notified on Wednesday night, people were informed on Saturday because the company preferred to close the breach immediately and notify everyone as soon as it had thoroughly investigated the situation.

For users who log in to Kickstarter with Facebook there are no problems; as a precaution the company has reset all Facebook login credentials, so it is enough for those users to reconnect when they come to Kickstarter.

Stay tuned!

Pierluigi Paganini

(Security Affairs –  Kickstarter, data breach)

 


Huge 'Survey' video scam platforms hit social media users

Hackers who use the 'survey' scam to generate revenue have stepped up their game: instead of building single websites that each serve one malicious video, they now run full platforms of videos embedded with the 'survey' code that generates their revenue. The scam works as follows: the victim is tricked into visiting the website, where they are forced to share the video first. Once the video has been shared, a 'survey' pops up and demands that the user fill it in completely. Because the victim has shared the malicious website, people in the victim's network are in turn tricked into clicking on it.

Survey scam portals

In the picture above, you will see an example of the 'survey scam platforms' which we have found.

Survey Scam portal

As we have described in our massive list on Facebook malware, hackers use various methods to lure unaware users to these malicious websites. The method that seems to catch the most users is a title containing "MUST WATCH" or "SHOCKING"; as always, sexual content also works.

Stay aware

The hackers have changed their template, and are now using a "Youtube" kind of theme which allows them to display multiple malicious videos at once. Do not click on these videos and do not share them! 

 

 

Cyberwar in Venezuela: Anonymous hackers target the government in #OpVenezuela

If you follow Anonymous on social media, you cannot have missed it. It is total cyberwar in Venezuela: Anonymous hackers have breached the Twitter account of the Venezuelan ruling party. Anonymous is doing everything it can to raise awareness about what is happening in Venezuela. The Anonymous spirits have published an 'information package' online which will help a lot of people understand what is really happening.

 

We have created this information package as a clarification to the world that #OpVenezuela is not being waged in support for the political opposition of the current Maduro Administration in Venezuela, it is a pure stance against censorship and state violence.
 
Lately the turmoil in Venezuela has grabbed international headlines and the attention of analysts, human rights observers, Anons, and others... We have compiled a list of informative tweets you can share with your followers and friends to provide some of the background behind the chaos that surrounds Venezuela today.
 

Video: Hyper History and Cyber War

We rely on computers day to day; for most of us they are no longer just a luxury. What does it mean, from a philosophical viewpoint, to live in the age of Hyper History?

Luciano Floridi is Professor of Philosophy and UNESCO Chair in Information and Computer Ethics at the University of Hertfordshire, and Fellow of St Cross College, Oxford.

Video: Cyber Warriors - China Cyberwar

Patriotic Chinese youths are starting to retaliate against the negative international press China has been receiving. A huge hidden army of young patriots are waging a cyber-war against the West.

MUST READ: Google Mail unzips password protected files

Security researcher Brian Baskin has published research suggesting that Gmail is actively trying to brute-force password-protected files. The researcher zipped a file with a virus and what happened next will blow your mind.

His blog reads: 

As a professional malware analyst and security researcher, a sizable portion of my work is spent collaborating with other researchers over attack trends and tactics. If I hit a hurdle in my analysis, it's common to just send the binary sample to another researcher with an offset location and say "What does this mean to you?"



That was the case on Valentine's Day, 14 Feb 2014. While working on a malware static analysis blog post, to accompany my dynamic analysis blog post on the same sample, I reached out to a colleague to see if he had any advice on an easy way to write an IDAPython script (for IDA Pro) to decrypt a set of encrypted strings.



There is a simple, yet standard, practice for doing this type of exchange. Compress the malware sample within a ZIP file and give it a password of 'infected'. We know we're sending malware samples, but need to do it in a way that:



          a. an ordinary person cannot obtain the file and accidentally run it;

          b. an automated antivirus system cannot detect the malware and prevent it from being sent.



However, on that fateful day, the process stopped. Upon compressing a malware sample, password protecting it, and attaching it to an email I was stopped. GMail registered a Virus Alert on the attachment.



Stunned, I try again to see the same results. My first thought was that I forgot to password-protect the file. I erased the ZIP, recreated it, and received the same results. I tried with a different password - same results. I used a 24-character password... still flagged as malicious.



The instant implications of this initial test were staggering; was Google password cracking each and every ZIP file it received, and had the capability to do 24-character passwords?! No, but close.



Google already opens any standard ZIP file that is attached to emails. The ZIP contents are extracted and scanned for malware, which will prevent its attachment. This is why we password protect them. However, Google is now attempting to guess the password to ZIP files, using the password of 'infected'. If it succeeds, it extracts the contents and scans them for malware.



Google is attempting to unzip password-protected archives by guessing at the passwords. To what extent? We don't know. But we can try to find out.

He then ran a script that created ZIP files protected with each of the 25 most common passwords:

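import subprocess

# Common passwords to test, plus the conventional sample-sharing password 'infected'.
pws = ["123456","password","12345678","qwerty","abc123","123456789","111111","1234567","iloveyou","adobe123","123123","sunshine","1234567890","letmein","photoshop","1234","monkey","shadow","sunshine","12345","password1","princess","azerty","trustno1","000000","infected"]
for pw in pws:
    # Create <password>.zip holding the same sample, protected with that password.
    # An argument list (rather than one string) avoids shell parsing and runs on any platform.
    subprocess.call(["7z", "a", "-p%s" % pw, "%s.zip" % pw, "malware.livebin"])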

He continues: 

Of all the files created, all password protected, and each containing the exact same malware, only the ZIP file with a password of 'infected' was scanned. This suggests that Google likely isn't using a sizable word list, but it's known that they are targeting the password of 'infected'.

To compensate, researchers should now move to a new password scheme, or the use of 7zip archives instead of ZIP.

 

Further testing was performed to determine why subsequent files were flagged as malicious, even with a complex password. As soon as Google detects a malicious attachment, it will flag that attachment File Name and prevent your account from attaching any file with the same name for what appears to be five minutes. Therefore, even if I recreated infected.zip with a 50-char password, it would still be flagged. Even if I created infected.zip as an ASCII text document full of spaces, it would still be flagged.

In my layman experience, this is a very scary grey area for active monitoring of malware. In the realm of spear phishing it is common to password protect an email attachment (DOC/PDF/ZIP/EXE) and provide the password in the body to bypass AV scanners. However, I've never seen any attack foolish enough to use a red flag word like "infected", which would scare any common computer user away (... unless someone made a new game called Infected? ... or a malicious leaked album set from Infected Mushroom?)

Regardless of the email contents, if they are sent from one consenting adult to another, in a password-protected container, there is an expectation of privacy between the two that is violated upon attempting to guess passwords en masse.

And why is such activity targeted towards the malware community, who uses this process to help build defenses against such attacks?

Updates:
There was earlier speculation that the samples may have been automatically sent to VirusTotal for scanning. As shown in the comments below, Bernardo Quintero from VirusTotal has denied that this is occurring. I've removed the content from this post to avoid any future confusion.

Others have come forth to say that they've seen this behavior for some time. However, I've been able to happily send around files until late last week. This suggests that the feature is not evenly deployed to all GMail users.

Notes:
 

  • Emails were sent from my Google Apps account.
  • Tests were also made using non-descript filenames (a.txt).
  • Tests were made to alter the CRC32 hash within the ZIPs, and any other metadata that Google could target.
  • The password "infected" was not contained in the subject nor body during the process.
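The notes above mention ZIP metadata that a scanner could target. With traditional ZIP encryption only the file data is encrypted: entry names, sizes and the CRC-32 of the plaintext remain readable in the headers without the password. The following added example (not from Baskin's post or from Google) shows what a mail gateway can learn from such an archive before any password is tried; the function names, the `known_bad_crc32` rule and the sample archive, which is built inline by setting the "encrypted" flag on stored entries, are assumptions for illustration.

```python
import io
import struct
import zipfile
import zlib

ENCRYPTED_BIT = 0x0001  # general-purpose flag bit 0: entry data is encrypted


def build_sample_zip(files, mark_encrypted):
    """Constructed sample: a stored ZIP whose entries are optionally flagged encrypted.

    Only the flag is set (the data is not really encrypted), which is enough to
    show how header metadata looks to a scanner that has no password.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in files:
            zf.writestr(name, data)
        local_offsets = [info.header_offset for info in zf.infolist()]
    raw = bytearray(buf.getvalue())
    if not mark_encrypted:
        return bytes(raw)
    # Local file headers: the flag word sits 6 bytes after the signature.
    for off in local_offsets:
        (flags,) = struct.unpack_from("<H", raw, off + 6)
        struct.pack_into("<H", raw, off + 6, flags | ENCRYPTED_BIT)
    # End-of-central-directory record (22 bytes, no archive comment) gives the
    # size and offset of the central directory.
    cd_size, cd_offset = struct.unpack_from("<LL", raw, len(raw) - 22 + 12)
    pos = cd_offset
    while pos < cd_offset + cd_size:
        # Central directory headers: the flag word sits 8 bytes after the signature.
        (flags,) = struct.unpack_from("<H", raw, pos + 8)
        struct.pack_into("<H", raw, pos + 8, flags | ENCRYPTED_BIT)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", raw, pos + 28)
        pos += 46 + name_len + extra_len + comment_len
    return bytes(raw)


def triage_attachment(blob, known_bad_crc32=()):
    """Report what is visible in a ZIP attachment without any password."""
    known = {c.lower() for c in known_bad_crc32}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        entries = [
            {
                "name": info.filename,
                "size": info.file_size,
                "crc32": "%08x" % info.CRC,
                "encrypted": bool(info.flag_bits & ENCRYPTED_BIT),
            }
            for info in zf.infolist()
        ]
    return {
        "entries": entries,
        # Content scanning needs the plaintext; encrypted entries block it.
        "content_scannable": not any(e["encrypted"] for e in entries),
        # Metadata rules still work on encrypted entries.
        "crc32_hits": sorted(e["name"] for e in entries if e["crc32"] in known),
    }


if __name__ == "__main__":
    payload = b"constructed stand-in for a sample"
    blob = build_sample_zip([("malware.livebin", payload)], mark_encrypted=True)
    print(triage_attachment(blob, known_bad_crc32=["%08x" % zlib.crc32(payload)]))
```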

EC-Council #tangodown

EC-Council is having a rough time: this is the third day that its website has had serious issues. Last Saturday, a hacker obtained access to the web server and defaced the EC-Council website. After EC-Council 'fixed' the defacement, the hacker 'Eugene Belford' defaced the website again, and if we take a look at ec-council.org now, we see that it is currently offline.

EC-Council tango down

Banking trojan hit a large number of Islamic Mobile Banking Customers

Security researchers at IntelCrawler discovered a banking trojan which infected a large number of devices in the Middle East belonging to Islamic banking customers.

The cyber intelligence firm IntelCrawler discovered a large fraud campaign against major Islamic banking institutions. The attackers used a sizable mobile botnet: more than 27 000 intercepted SMS messages were detected between April 2013 and Feb 2014, which puts many smartphone banking customers at risk.

The experts uncovered malware that infects the mobile devices of banking customers to interfere with the two-factor authentication mechanisms implemented by the financial institutions. The malicious code, like other similar banking trojans, is able to intercept the OTP («One-Time-Password») token code used to validate a user's transactions and send it to the bad actor, who implemented several types of secured and encrypted notifications, including alerts through configured Jabber. The attackers created a clone of a legitimate mobile banking app used by one of the principal Middle East financial institutions.

File type: Zip archive data, at least v2.0 to extract
File name: ncbmtoken.apk
File size: 235454
MD5: f629adcfbcdd4622ad75337ec0b1a0ff
SHA1: b614696113212e4090eaae6b20bc22aad22651a0
SHA256: 66911ee32fc4777bb9272f9be9eb8970b39440768b612fbab4ac01d8e23f9aa1

Looking at the Android manifest file, it is possible to find indications of the functions implemented by the banking trojan's authors, including complete SMS management.

Reverse engineering the banking trojan's code, the experts at IntelCrawler discovered that it sends specific callbacks to the bad actors' administrative panel using the string «AaB03x».

In particular, the callback includes information about the infected mobile device, such as the IMEI and IMSI, which the malware authors use to identify a specific user within the overall amount of data captured. All the intercepted OTP codes are aggregated in a user-friendly administrative console, which also makes it possible to upload a new design template for malicious applications, generate new malicious code samples and, of course, manage all the infected devices.

"The functionality of the mobile banking trojan allowed it to intercept all the messages from mobile device using predefined signatures, keywords, and search rules providing a sophisticated search engine for the bad actor with alerting to bad actor to predefined number." states the official post.

The most interesting feature appears to be the possibility of generating new mobile malware simply by using pre-configured templates for popular applications. It's clear that the feature allows the malware authors to adopt a Software-as-a-Service sales model, giving different groups of cyber criminals the opportunity to easily create and distribute their own malicious code under different legends.

It's not clear who is behind the attacks. According to the experts, attribution is not simple because of the use of keywords and domain names in various jurisdictions, which could also be used for a targeted surveillance campaign against Eastern countries. The experts dubbed the banking trojan "mtoken-user7903.com"; the domain used for the attacks was created on 5th February along with a group of similar domain names such as "mtoken-user1034.com", "mtoken-user3110.com", "mtoken-user4901.com", "mtoken-user7230.com". The investigators at IntelCrawler have found many other similar domain names registered in October 2013 through NOW.CN; Todaynic.com, Inc is a Guangdong (China) based network company. As explained in the post, it is possible that the bad actors behind the malware platform are also conducting a large cyber espionage campaign.

"It seems to be, that for that time, the bad actors planned to create the resource with various fake mobile banking applications for token codes generation with name «mtokenapps.com» IntelCrawler’s analysts and intelligence officers have been monitoring the underground to try and determine the motivations behind such attacks. Beyond the clear financial greed of draining bank accounts, which these targets in oil rich nations would seem attractive, other political motives could also be an alternative."

The Telecommunications Regulatory Authority (TRA) confirmed that the number of attacks has grown rapidly in the past three years, from 8,400 in 2010 up to 530,000 in the first quarter. TRA also revealed that it detected more than half a million cyber attacks on UAE computer users in the first three months of 2013. It's easy to predict a further intensification of activities by bad actors in the area.

Pierluigi Paganini

(Security Affairs –  Mobile App security, banking trojan)


Massive collection of leaked passwords

A hacker will need a good collection of passwords which can be used to brute force login forms. This password collection is free and it can be used for tools like 'Cain & Abel', John the Ripper and 'THC Hydra'. 

We have made this list as it is hard to find good password lists online. Most of the time you will have to pay for them or you will get a limited password list. These password lists can be used by penetration testers to audit their target. On the internet you can find a lot of password collections, searching for password torrent files always provides some password file resources. Using Pastebin as a resource for passwords will provide you some passwords as a lot of hackers leak database information on Pastebin.

 

Default password list for Routers & Switches

A default password list for routers and switches. This list supplies the following tables:
Vendor, Model, Version, Access Type, Username, Password, Privileges and Notes.

Default password list: http://www.phenoelit-us.org/dpl/dpl.html

Outpost9 Word List

dictbig.zip Large word dictionary 322K Unzipped
norm&r.zip Same as dictbig.zip + all entries reversed 644K Unzipped
oneup&r.zip Same as norm&r.zip with first letter uppercase 644K Unzipped
allup&r.zip Same as norm&r.zip except everything is uppercase 644K Unzipped
names.zip Very large list of names 228K Unzipped
ASSurnames.zip List of Sur Names .7K zipped
Antworth.zip  249K zipped
Congress.zip Congress Names & words 2K zipped
Dosref.zip Dos Reference words 2K zipped
Family-Names.zip Family Names 46K zipped
Given-Names.zip List of Given Names 23K zipped
Jargon.zip List of words taken from the Jargon file 32K zipped
Unabr.dict.zip Words from Unabridged dictionary 689K zipped
actor-givenname.zip Actor's given names 25K zipped
actor-surname.zip Actor Sur-Names 60K zipped
afr_dbf.zip  424K zipped
chinese.zip Chinese words 1K zipped
cis-givennames.zip  28K zipped
cis-surname.zip  127K zipped
common-passwords.zip List of most common passwords 2K zipped
crl-names.zip  144K zipped
dic-0294.zip Really BIG Dictionary list! 3283K zipped
etc-hosts.zip Host names 45K zipped
female-names.zip List of female names 12K zipped
givennames-ol.zip  13K zipped
kjbible.zip List of words and names from the King James Bible 37K zipped
language-list.zip Language list 6K zipped
male-names.zip List of male names 10K zipped
movi-characters.zip List of movie character names 81K zipped
other-names.zip Misc names 18K zipped
oz.zip Yes OZ 6K zipped
d8.zip Very very good all around word list. Covers a lot 750K Unzipped

Wordlist Downloads

  1. HashKiller
  2. HashKiller AIO
  3. InsidePro
  4. APassCracker
  5. Openwall
  6. ftp.ox.ac.uk
  7. GDataOnline
  8. Cerias.Purdue
  9. Outpost9
  10. VulnerabilityAssessment
  11. PacketStormSecurity
  12. ai.uga.edu-moby
  13. cotse1
  14. cotse2
  15. VXChaos
  16. Wikipedia-wordlist-Sraveau
  17. CrackLib-words
  18. SkullSecurity
  19. Rapidshare-Wordlist.rar
  20. Megaupload-birthdates.rar
  21. Megaupload-default-001.rar
  22. Megaupload-BIG-WPA-LIST-1.rar
  23. Megaupload-BIG-WPA-LIST-2.rar
  24. Megaupload-BIG-WPA-LIST-3.rar
  25. WPA-PSK-WORDLIST-40-MB-rar
  26. WPA-PSK-WORDLIST-2-107-MB-rar
  27. Article7
  28. Rapidshare-Bender-ILLIST
  29. Rohitab
  30. Naxxatoe-dict-total-new-unsorted
  31. DiabloHorn-wordlists-sorted
  32. Bright-Shadows
  33. MIT.edu/~ecprice
  34. NeutronSite
  35. ArtofHacking
  36. CS.Princeton
  37. textfiles-suzybatari2
  38. labs.mininova-wordmatch
  39. BellSouthpwp
  40. Doz.org.uk
  41. ics.uci.edu/~kay
  42. inf.unideb.hu/~jeszy
  43. openDS
  44. sslmit.unibo.it/~dsmiraglio
  45. informatik.uni-leipzig-vn_words.zip
  46. cis.hut.fi
  47. Wordlist.sf.cz
  48. john.cs.olemiss.edu/~sbs
  49. Void.Cyberpunk
  50. CoyoteCult
  51. andre.facadecomputer
  52. aurora.rg.iupui.edu/~schadow
  53. cs.bilkent.edu.tr/~ccelik
  54. broncgeeks.billings.k12.mt.us/vlong
  55. IHTeam
  56. Leetupload-Word Lists
  57. Offensive-Security WPA Rainbow Tables Password List
  58. depositfiles/1z1ipsqi3
  59. MD5Decrypter/Passwords
  60. depositfiles/qdcs7nv7x
  61. ftp.fu-berlin.de
  62. Rapidshare.com/Wordlist.rar
  63. Rapidshare.com/Password.zip
  64. Megaupload/V0X4Y9NE
  65. Megaupload/0UAUNNGT
  66. Megaupload/1UA8QMCN
  67. md5.Hamaney/happybirthdaytoeq.txt
  68. sites.Google.com/ReusableSec
  69. Megaupload.com/SNK18CU0
  70. Hotfile.com/Wordlists-20031009-iso.zip
  71. Rapidshare.com/Wordlist_do_h4tinho.zip
  72. Rapidshare.com/pass50.rar
  73. Skullsecurity.org/fbdata.torrent
  74. Uber.7z
  75. freqsort_dictionary.txt
  76. SXDictionaries.zip
  77. Hackerzlair
  78. Circlemud
  79. Leetupload.com/WordLists 
    Passwords: to0l-base, zmetex, mrdel2000
  80. Rapidshare.com/BIG_PASSWORD_LIST.rar 
    Pass:bodyslamer@warezshares.com
  81. Rapidshare.com/dictionaries-vince213333.part01.rar
  82. Rapidshare.com/dictionaries-vince213333.part02.rar
  83. Rapidshare.com/dictionaries-vince213333.part03.rar
  84. Rapidshare.com/Wordlist_Compilation.part1.rar
  85. Rapidshare.com/Wordlist_Compilation.part2.rar
  86. Rapidshare.com/Wordlist_Compilation.part3.rar
  87. Rapidshare.com/Wordlist_Compilation.part4.rar
  88. Rapidshare.com-word.lst.s.u.john.s.u.200.part01.rar
  89. Rapidshare.com-word.lst.s.u.john.s.u.200.part02.rar
  90. Rapidshare.com-word.lst.s.u.john.s.u.200.part03.rar
  91. Rapidshare-Purehates_word_list.part1.rar
  92. Rapidshare-Purehates_word_list.part2.rar
  93. Rapidshare-Purehates_word_list.part3.rar
  94. Rapidshare-Purehates_word_list.part4.rar
  95. Rapidshare-Purehates_word_list.part5.rar
  96. Rapidshare-_Xploitz_-_Master_Password_Collection.part1.rar 
    Pass: http://forums.remote-exploit.org/
  97. Rapidshare-_Xploitz_-_Master_Password_Collection.part2.rar 
    Pass: http://forums.remote-exploit.org/
  98. Rapidshare-_Xploitz_-_Master_Password_Collection.part3.rar 
    Pass: http://forums.remote-exploit.org/
  99. Rapidshare-_Xploitz_-_Master_Password_Collection.part4.rar 
    Pass: http://forums.remote-exploit.org/
  100. Rapidshare-_Xploitz_-_Master_Password_Collection.part5.rar
     Pass: http://forums.remote-exploit.org/
  101. Rapidshare-_Xploitz_-_Master_Password_Collection.part6.rar
     Pass: http://forums.remote-exploit.org/
  102. Rapidshare-_Xploitz_-_Master_Password_Collection.part7.rar 
    Pass: http://forums.remote-exploit.org/
  103. Rapidshare-_Xploitz_-_PASSWORD_DVD.part01.rar 
    Pass: http://forums.remote-exploit.org/
  104. Rapidshare-_Xploitz_-_PASSWORD_DVD.part02.rar 
    Pass: http://forums.remote-exploit.org/
  105. Rapidshare-_Xploitz_-_PASSWORD_DVD.part03.rar 
    Pass: http://forums.remote-exploit.org/
  106. Rapidshare-_Xploitz_-_PASSWORD_DVD.part04.rar 
    Pass: http://forums.remote-exploit.org/
  107. Rapidshare-_Xploitz_-_PASSWORD_DVD.part05.rar 
    Pass: http://forums.remote-exploit.org/
  108. Rapidshare-_Xploitz_-_PASSWORD_DVD.part06.rar 
    Pass: http://forums.remote-exploit.org/
  109. Rapidshare-_Xploitz_-_PASSWORD_DVD.part07.rar
    Pass: http://forums.remote-exploit.org/

Online Hash Crackers

MD5
Cracker Hashes
Tobtu 50,529,455,839
TMTO 36,436,233,567
MD5Decrypter(uk) 8,700,000,000
OnlineHashCrack 5,211,644,250
AuthSecu 500,000,000
Gat3way 458,000,000
MD5this 400,000,000
NetMD5crack 171,392,210
Kalkulators 100,000,000
Rednoize 76,834,449
Gromweb 45,543,530
hash-cracker.com 40,000,000
Crackfoo -NNC 38,227,555
MD5Rainbow 33,517,066
Digitalsun 31,000,000
Hashcrack 30,654,899
Sans 20,264,963
Crackfor.me 16,173,854
MD5-lookup 8,796,772
MD5decrypter 8,103,123
MD5-db 5,500,000
MD5-decrypter 3,400,000
HashCracking.ru 3,585,150
Shalla 2,218,319
Hash-Database 1,635,062
MD5decryption 1,300,000
agilobable.pl 1,131,017
Drasen 568,064
MD5finder 429,477
MD5pass 327,497
Bokehman 230,000
Shell-Storm 154,994
Xanadrel 104,209
Joomlaaa 23,469
Appspot Multi
Noisette Multi
MD5crack Multi
Kinginfet Multi
Benramsey Multi
VHCTeam ?
Hack-Shop ?
Longgie ?
RAH-Labs ?
rusuh.us ?
Wordd ?
Anqel ?
CMD5 ?
web-security-services ?
MD5online ?
MD5.my-addr ?
C0llision ?
MD5hood ?
Schwett ?
TheKaine ?
Fox21 ?
Generuj ?
NTLM
Cracker Hashes
MD5decrypter(uk) 8,700,000,000
OnlineHashCrack 5,211,644,250
hash-cracker.com 40,000,000
HashCrack 30,654,909
Fox21 ?
LMCrack ?
CMD5 ?
LM
Cracker Hashes
OnlineHashCrack 5,211,644,250
HashCrack 30,654,911
NiceNameCrew ?
C0llision ?
Fox21 ?
SHA1
Cracker Hashes
MD5Decrypter(uk) 8,700,000,000
Rednoize 76,838,852
hash-cracker.com 40,000,000
Sans 20,264,963
SHA1-Lookup 18,949,380
HashCracking.ru 3,585,150
Hash-Database 1,635,065
CMD5 ?
StringFunction ?
Web-Security-Services ?
SHA256-512
Cracker Hashes
Hash-Database 1,635,067
Shalla 1,143,472
MySQL
Cracker Hashes
OnlineHashCrack 5,211,644,250
Hashcrack 30,654,899
HashCracking.ru 3,585,150
CMD5 ?

 

Cyberwar: How the Internet Changes World Conflict

Cyberwar on Israel heats up after new Anonymous operation

Hackers behind the Twitter account @Op_Israel have issued a clear warning that Israel is going to be hit again and that it will not be able to counter this attack by Anonymous hackers. The Twitter account shows a history of news collected by the #opIsrael group, along with a warning that they are going to initiate a new operation.

AnonGhost and Anonymous seem to have a common interest in taking down Israeli networks and domains as Anonghost is known for their attacks in #opUSA, #opIsrael, #opPetrol  and #opIsrael birthday. These hackers are active from all around the world and one of the most known hackers of AnonGhost is the hacker Mauritania Attacker. The attack by AnonGhost is planned on 07/04/2014. 

Wi-Fi-hacking trojan dominates Wireless routers & changes DNS records

Dr.Web researchers have analyzed the Rbrute trojan, which hacks Wi-Fi routers in order to spread malware. The trojan follows instructions provided by a remote server, which commands it to start a 'dictionary attack' on a specific range of IP addresses. For example, it would target '192.168.1.1', which often leads to the router of the infected computer. Most of the time weak passwords are used to protect these routers; the most famous credentials for these routers are username 'Admin' and password 'Admin'.

Once the trojan has received a positive response from the router, the trojan will change the DNS settings of the router which will redirect the victim to malicious websites. This method works as it has Rootkit capabilities. 

Research has shown that the Rbrute trojan is capable of cracking the passwords of different router devices. This includes the following models:

  1. D-Link DSL-2520U
  2. DSL-2600U
  3. TP-Link
  4. TD-W8901G
  5. TD-W8901G 3.0
  6. TD-W8901GB
  7. TD-W8951ND
  8. TD-W8961ND
  9. TD-8840T
  10. TD-8840T 2.0
  11. TD-W8961ND
  12. TD-8816
  13. TD-8817 2.0
  14. TD-8817
  15. TD-W8151N
  16. TD-W8101G
  17. ZTE ZXV10 W300
  18. ZXDSL 831CII

What can you do to protect yourself against the Rbrute trojan? The first step in defense is to install a working anti-virus application which updates itself each day. Once you have done this, the anti-virus will search your computer for malware. Rbrute will be detected by an updated anti-virus program. If you don't have one yet, you can download a free anti-virus program from the Microsoft.com website.

Ukraine hit by massive cyberattacks

Millions of government computers have been hacked with the 'Snake', 'Turla' and 'Agent.BTZ' malware, which could have been deployed by the Russians. The 'Snake' malware first appeared in 2006, but it seems that it is now being deployed for more aggressive attacks. The defense company BAE Systems reported that since 2013, Ukrainian government computers have been hit by this malware at least 22 times.

Of course, the source of the virus can only be speculated about; Kaspersky believes that the 'Snake' virus was more a 'phishing' attack than a 'cyberattack'.

Russia has the means to erase any traces of its cyber intrusions and would have been more discreet, said Eugene Kaspersky, head of the Russian IT security firm that bears his name, saying that Snake looked more like a "phishing virus" than a "cyber weapon".

In recent weeks thousands of Ukrainian websites have been defaced by pro-Russian hackers. One example of these hacking groups is the pro-Russian group 'CyberBerkut', which claims to have blocked the phones of over 700 Ukrainian government officials.

The 'Turla' malware is the big brother of Agent.BTZ, Turla is a sophisticated piece of malware which allows the hacker to install rootkits and steal data. The Turla malware has been found in Europe and Ukraine. 

Several security researchers and Western intelligence officers say they believe the malware, widely known as Turla, is the work of the Russian government and linked to the same software used to launch a massive breach on the U.S. military uncovered in 2008. It was also linked to a previously known, massive global cyber spying operation dubbed Red October targeting diplomatic, military and nuclear research networks. Those assessments were based on analysis of tactics employed by hackers, along with technical indicators and the victims they targeted. 

Free Remote Administration Tools

Are you searching for a free remote administration tool (RAT) like the DarkComet RAT? Well we have collected several free RATS which will allow you to dominate the internet. Just remember that you only use these tools for educational purposes. These administration tools are made in various forms, you have the slim and fast ones and you have the strong ones like the DarkComet RAT. 

So why do people use Remote Administration Tools? Well, the reasons could be pretty straight forward. Take a look at the list below: 

  • Have you ever wondered what your spouse, children or employees are doing while on the Internet?
  • Do you think that your wife or husband is cheating on you?
  • Is your computer being used as a common PC for a group of people, and you fear it being used for unwanted purpose?
  • Are your kids chatting and playing games instead of working?

Poison Ivy Remote Administration Tool

Poison Ivy is an advanced remote administration tool for Windows (the client is reported to run on WINE or other emulators on various Linux/UNIX flavors), written in pure assembly (server), and Delphi (client).
 
The server contains no dependencies of any kind, and runs on 2000/XP/2003/Vista.
Since version 2.3.0, the server size depends on the settings, which means additional features (like the key logger, etc.) will make the final server larger. Even so, the maximum size of the server is around 7KiB, unpacked.
 
 
Being independent code, the server builder can produce PEs, or shellcode (in the form of arrays for C, Delphi, Python, or raw binary), depending on your needs.
 
The most important features are encrypted communications (256bit Camellia), compressed communications, full-featured file manager, registry manager, key logger, services manager, relay server, process manager, remote audio capture, screen capture, web cam capture, multiple simultaneous transfers, password manager, and the ability to share servers, based on privilege levels, and various other things that you will find useful.
 
Poison Ivy is also special compared to other similar tools, because the server doesn't need to be updated, even if new features are added.
 
Even though the server supports 3rd party plugins, it's important to know that all the features not listed in the “Plugins” section are self-contained in the server, and no additional files are used at any time.
 
The plugins (as well as the server and key logger file) are stored encrypted in ADS (Alternative Data Stream) on NTFS partitions (they are stored normally on FAT32).
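Because the plugins, server and key logger file are described above as living in NTFS alternate data streams, a defender can sweep a directory tree for named streams. The PowerShell below is an added example, not part of the original article or of any tool it describes; the function name `Get-AlternateStream`, the `$Root` parameter and the ignore list are assumptions chosen for illustration.

```powershell
# Added example: report named NTFS alternate data streams under a directory.
# $Root and $IgnoredStreams are illustrative assumptions, not values from the article.
param(
    [string]$Root = '.'
)

# Streams that are normally benign: the unnamed default data stream and the
# Zone.Identifier mark that Windows attaches to downloaded files.
$IgnoredStreams = @(':$DATA', 'Zone.Identifier')

function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)

    # Include the root itself, then everything below it (hidden and system items too).
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Get-Item -Stream * returns one object per stream on the item.
        # Streams on directories are only returned by PowerShell 7.2 or later;
        # older versions raise an error for directories, which is suppressed here.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $IgnoredStreams -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    Path         = $item.FullName
                    Stream       = $_.Stream
                    Length       = $_.Length
                    IsDirectory  = $item.PSIsContainer
                    LastWriteUtc = $item.LastWriteTimeUtc
                }
            }
    }
}

# Largest streams first: a multi-kilobyte named stream on a system file or
# directory deserves a closer look than a few bytes of metadata.
Get-AlternateStream -Path $Root |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

On FAT32 volumes there are no alternate data streams, so this sweep returns nothing there and ordinary file-based detection applies instead.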
 
 

Blackshades Remote Administration Tool

Blackshades is mainly an IT surveillance and security-based organisation, directed at making your PC experiences easier. The main goal is to offer affordable software solutions comparable to bigger names out there.

Blackshades RAT will allow you to take over any computer that you wish.


Kali Backtrack

Kali Backtrack is an operating system which holds a massive list of security tools. Amongst the security tools you will find several Remote Administration Tools and exploits which will allow you to have access to a remote computer. A Remote Administration Tool can be found, for example, in the Social Engineering Toolkit: once you have started the Social Engineering Toolkit, simply navigate to the third party modules and enable the RATTE remote administration toolkit.


How to Spy on the Smartphone of Someone You Know? Video


Do you wish to monitor and access the phone's text messages, call history, e-mails, GPS location and more from any web browser on the smartphone of your choice?

The developers of My Spy (mSpy) designed software for monitoring your employees or underage children on a smartphone or mobile device.

One feature of mSpy records activity from the Skype, WhatsApp, iMessage, and Viber messaging services used on the target phone.

Another feature records browsing history, website bookmarks and blocked websites.
 


DDoS attack for 10 U.S. Dollar


According to the Dutch Cyber Security Perspective 2013, an annual Dutch security report by KPN NL, KLPD, TNO and NCSC, for ten U.S. dollars you can buy a DDoS attack to take a website down.

The report says you can also buy hacking services, with online support if desired.

The report provides insight into a number of major cyber attacks that took place in 2013 in the Netherlands and also looks ahead to future trends, which may have an impact on society, both in the Netherlands and worldwide.

The report provides important information about the Edward Snowden files, the Belgacom case and more:

The NSA collects vast amounts of data from the world's telecommunication backbones and satellite connections. In addition to intercepting data in transit, the NSA had deployed over 50,000 instances of malware worldwide to provide access to computers or other devices. They refer to this as Quantum Inserts (QI). The size of this data extraction network is comparable to a medium-sized botnet. With these QIs, they even gained access to the smartphones of world leaders.

To better combat cyber attacks, a cooperation has been started with ethical hackers and a Responsible Disclosure procedure has been created.


Working: How to hack WPA2 Wireless security


Are you searching for a tool or method to hack WPA2-secured WiFi connections? Well, this team of investigators has found a way to breach WPA2 security quite easily. The researchers say that this wireless security system can be breached by a malicious attack on a network: they can simply browse to the router and change the WPA2 password. They also claim the following:

However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time. The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily. Temporarily is long enough for a fast-wireless scanner and a determined intruder.

Earlier we published a report on how you can hack a WiFi password. It included the fact that laptops and smartphones can be stolen, after which it is very easy to obtain the WPA2 password. You can read it here.

For Google it is time to encrypt all GMail connections


Google has announced that it has adopted encryption mechanisms for all Gmail connections in response to the increasing demand for privacy from Internet users.

Google has decided to encrypt all Gmail connections in response to the increasing demand for privacy from Internet users, and all the links between its data centers will be encrypted. The surveillance programs disclosed in documents leaked by Edward Snowden have shaped the business strategies of companies like Google and Microsoft. The NSA is able to spy on every technology on a large scale; for this reason Google has decided to make important improvements to its infrastructure to make it more difficult for governments and attackers to spy on users' traffic. The most significant improvement is the adoption of the HTTPS protocol as the default choice for its Gmail service: Google has in fact decided to enforce SSL encryption on all Gmail connections.

With this choice Google wants to reinforce its image, reiterating its non-involvement in NSA surveillance programs, even though in recent days agency general counsel Rajesh De confirmed that big tech companies like Yahoo and Google provided ‘full assistance’ in the legally mandated collection of data. Google has also made another important technical improvement: it has encrypted all of the links between its data centers. It will be really hard to spy on Gmail messages, which, thanks to the changes made by Google, will be encrypted for their whole lifetime from the moment they leave users' computers.

“Starting today, Gmail will always use an encrypted HTTPS connection when you check or send email. Gmail has supported HTTPS since the day it launched, and in 2010 we made HTTPS the default. Today’s change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you’re using public WiFi or logging in from your computer, phone or tablet,” “In addition, every single email message you send or receive—100 percent of them—is encrypted while moving internally. This ensures that your messages are safe not only when they move between you and Gmail’s servers, but also as they move between Google’s data centers—something we made a top priority after last summer’s revelations,” wrote Nicolas Lidzborski, Gmail Security Engineering Lead, in a blog post.

As stated by Lidzborski, Gmail users have had the possibility to choose HTTPS only as the default connection for the last four years, but evidently that was not enough because the majority of users ignored it. Now users' connections to Gmail will always be encrypted by default.

Pierluigi Paganini

(Security Affairs –  Encryption, GMail)

Chinese CNCERT report raises the alarm on attacks originated overseas


The latest report issued by China’s Computer Emergency Response Team (CNCERT) blames the US for the majority of malware-based attacks against Chinese systems.

There was once a dreaded China that violated systems across the world, and all countries accused its cyber units of conducting aggressive and reckless hacking; today world politics has discovered that US intelligence has always adopted a similar strategy.

The latest report issued by China’s Computer Emergency Response Team (CNCERT) revealed that the number of malware-based attacks against Chinese systems has jumped by more than 50 per cent over the past twelve months, and the US Government is considered responsible for a series of offensives conducted with the intent to gain persistent access to Chinese networks.

The report was issued a few days after Snowden's revelations on the hacking activities conducted by the NSA against the Chinese giant Huawei with the aim of installing backdoors in its products to extend its large-scale surveillance.

As explained in the report published last year by the CNCERT, the document remarks that China is also a victim of serious attacks run by foreign hackers. Chinese authorities are concerned about the pressure of offensives originating from the West, and in this case too the majority of the incursions were traced back to the United States. The CERT also warned of the consequences of hacktivism: groups like Anonymous caused serious problems for Chinese organizations. Anonymous was blamed for nearly 600 attacks against Chinese infrastructure, including one on the People’s Bank of China.

The results of the annual report are alarming for the Chinese Government: nearly 15,000 "hosts" were hacked by attackers that used "APT Trojan", and nearly 61,000 sites were infected with backdoors by foreign hackers in 2013. The number of backdoor-based attacks rose by 62 per cent in the same period.

"Local government websites are hacked "disaster area", in 2013 our country has been tampered with and the backdoor government web sites, more than 90% below the provincial and municipal local government websites. Our government website frequently suffered hacker attacks organization, which "Anonymous" hacker group, such as the invasion of our country at least more than 600 sites. Following the central bank clearly does not endorse Bitcoin, the central bank official website and official Sina Weibo being hacked," states the translated version of the announcement made on 28th March at the National Internet Emergency Center (CNCERT) held in Beijing.

An overall 10.9 million Chinese PCs were infected and controlled by foreign actors last year. US hackers accounted for 30.2 per cent of these attacks, but South Korea was also very active; that country and Hong Kong are mentioned as persistent sources of attacks.

The fact that an attack originated in the US is not meaningful for attributing responsibility: US infrastructure is continually targeted by hackers because it represents a privileged platform from which to launch attacks, thanks to its reputation and the reliability of its architecture.

The report also warned of the rapid growth of cyber threats targeting mobile platforms. The number of new malware families for Android is exploding: in 2013, 703,000 new mobile malware samples (99.5 percent for the Android platform) were detected, an increase of 330 compared with 2012. Recently TrendMicro published an interesting study on the Chinese mobile underground, describing products and services used by cyber criminals to conduct illicit activities; this report is aligned with the information provided by the CNCERT.

"Mobile application store, forums, download sites, dealers and other ecological system contamination upstream and downstream users infected faster." states the CNCERT report.

The report shows an alarming scenario: Chinese authorities are concerned for their population, which is exposed to a serious risk of hacking and data breaches. The CNCERT reports, in fact, that the number of hardware and software vulnerabilities in communication network equipment has increased 1.5 times compared with 2012.

Pierluigi Paganini

(Security Affairs –  CNCERT, China)

Each hacker will get this warning from Google


Are you a security expert or are you a malicious hacker? Google does not care! If you are using search queries that are noted as 'hacking' by Google you will get a warning from Google on your screen. The Google machine will tell you that the systems have detected unusual traffic from your computer network, and that they have banned it from making any further queries. 

This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the Terms of Service. The block will expire shortly after those requests stop. In the meantime, solving the above CAPTCHA will let you continue to use our services.

This traffic may have been sent by malicious software, a browser plug-in, or a script that sends automated requests. If you share your network connection, ask your administrator for help — a different computer using the same IP address may be responsible.

Sometimes you may be asked to solve the CAPTCHA if you are using advanced terms that robots are known to use, or sending requests very quickly.

Now we got this message when we were using Google Dorks to find some specific items on the internet. Captcha solved, let's continue!
