Twitter Is Banning Anonymous Hackers for Harassing ISIS Members

A tweet from a disgruntled Anonymous hacktivist has just gone viral, and the hacker is accusing Twitter of protecting ISIS terrorists as part of their “no bullying” campaign by suspending Anonymous accounts that report ISIS Twitter profiles on a too frequent basis.

Ever since the Charlie Hebdo attacks in early 2015, Anonymous hackers have been waging cyber-war against ISIS terrorists, an initiative that intensified tenfold last November after the brutal Paris attacks.

While sometimes the group has taken down ISIS sites via DDoS attacks, most of the time, the group has been sabotaging ISIS’ online presence by reporting their Twitter or Facebook accounts and having them taken down.

Twitter took down 125,000 ISIS accounts

In fact, the hacker collective has been so efficient at its job that Twitter announced in mid-February that it had taken down more than 125,000 ISIS-related Twitter accounts. But as one of the Anonymous hackers explains, it’s exactly this announcement that has annoyed the group’s members.

In a message posted on his Twitter account (see the first tweet below the article), Wauchula Ghost, a former GhostSec member and current Anonymous affiliate, says that Twitter actually took credit for Anonymous’ work while also sabotaging their efforts.

As the hacker explains, Twitter is slow to react to takedown notices for ISIS accounts, often requiring more than twenty such reports before an account is removed, and on numerous occasions the social network has taken down Anonymous accounts as well.

In an interview with Epoch Times, Wauchula Ghost says this might be a side effect of Twitter’s newly announced anti-harassment policy. He says that Twitter is mislabeling their takedown reports against ISIS accounts as online bullying and banning its members instead.

Twitter is cutting the branch from under its feet

Even his account was among those that got taken down, and he says that Twitter didn’t even bother to let him know why he had his profile suspended.

In his case, a quick and fervent response from the community, which tweeted at Twitter’s support staff, managed to get his profile reinstated, but there are countless other accounts that weren’t.

The reason for the hacker’s public outrage against Twitter is the fact that the company seems to revel in the positive public image, which comes with being an active anti-ISIS fighter, but it’s not really doing “any” of the work. Even worse, the company seems to avoid any type of collaboration with the Anonymous group.

Taking into account that Twitter made its “125,000 ISIS accounts taken down” announcement only a month after a Florida woman sued the company for giving ISIS a platform for their propaganda, Anonymous is hinting at the fact that Twitter is not really dedicated to taking down ISIS accounts at all.


A Pastor With A Bitcoin Hacks Into A Bank…

It was only a matter of time.

That a pastor … got nabbed for his alleged involvement in a bitcoin banking hacking scheme?

But more on that later.

First, we’ll start with bitcoin’s nightmare of the week.

The contentious debate about bitcoin’s block size that has dominated the bitcoin news cycle for months has finally hit a breaking point: Bitcoin’s core network, and its ability to properly process transactions, has hit its max.

Perhaps, it’s time to get Satoshi Nakamoto out of hiding.

Where this debate started was with the fear that bitcoin’s network needed to be overhauled and its core software needed work to expand its block size to 2MB in order to ensure the network could continue growing. Well, as you’ve probably noticed if you’ve been paying attention to the debate at all, no one could agree on what to do.

And so, the Bitcoin Core vs. Bitcoin Classic debate raged on.

But what has reportedly happened as a result is that the network has reached its capacity, which has inevitably delayed transactions — or, in some instances, caused them to simply fail. As a result, some transaction times have stretched from 10 to 43 minutes, according to a report by The Verge. Other reports say this has led shops that once accepted bitcoin to stop doing so. And users are just left in the dark at the moment.

Wait, wasn’t the blockchain our answer to faster payments?

But we digress.

The whole block size dilemma is why many in the bitcoin community pushed to increase the block size limit, but that never happened. At the moment, bitcoin’s blocks take about 10 minutes to mine and are 1MB in size. But the problem is that, with the current volumes running through the network, it simply can’t keep up.

Increasing the size would enable bitcoin to continue growing, gain more users and essentially get more attention from the masses.

Of course, as with anything related to bitcoin, it’s not as simple as it sounds. And that’s where the legality debate over what’s referred to as the bitcoin “hard fork” has originated. At least, according to one pro-bitcoin attorney, that hard fork of bitcoin could be illegal and could open up a whole new can of worms for bitcoin developers over liability issues.

On the legal side, it’s been argued that having a new fork in bitcoin’s code would open up an entirely new batch of legal issues for the new creators. That complicates things for investors, users and the entire bitcoin community, some have argued. It could also open up bitcoin exchanges to more legal issues and complicate the entire process of enabling bitcoin transactions as an exchange.

Surely, no one can be that surprised that the bitcoin community can’t come to a consensus on this issue. The debate has even pushed out a prominent developer who left after he said the network was controlled by too few voices and that the divide in the community was just too much to overcome.

There are skeptics who suggest that growing bitcoin’s capacity would destroy the virtual currency. And there’s another side of the debate that’s saying this divide in the bitcoin community is preventing any innovation from occurring.

And guess what else? Surprise, surprise. The most recent debate has reportedly caused some mudslinging and reportedly sketchy tactics by some to argue their side of the case. The Core side says the Classic side is overloading the network with spam transactions that are overwhelming miners. The Classic people have claimed block miners have been hit with DDoS attacks during this process.


In the end, it’s up to the bitcoin miners to sort out what computing power bitcoin should be running at, regardless of what the community actually votes for. As The Verge article points out, it’s similar to the delegates selecting a candidate to run in the presidential election.

Or, more appropriately, between a fork and a hard place.


Pastor Indicted In Bitcoin-Linked JPMorgan Hacking Case

A pastor, bitcoin and a bank hacking case. Now, there are three things you don’t often see in one headline.

Just yesterday (March 3), a New Jersey pastor was indicted for his alleged connection to a bribery scheme that involved — yes, you guessed it — a bitcoin exchange. But, even juicier, that bitcoin exchange has been linked to cyberattacks on JPMorgan Chase and other major companies.

This case involves the pastor, Trevon Gross, the former chairman of the Helping Other People Excel Federal Credit Union. He has been charged with taking payments that enabled an illegal bitcoin exchange to operate and eventually gain control of the credit union.

Allegedly, Gross accepted $150,000 in bribes from a group that operated an unlicensed bitcoin exchange. That exchange was eventually connected to a scheme intended to hold the credit union and other banks captive — leading to a massive hacking scheme.

How massive? Reports show that the banking hack involved over a dozen companies’ networks, which resulted in the personal information of 100 million people stolen. JPMorgan was one of the companies, with records of more than 83 million customers being potentially compromised.

And here’s where bitcoin comes into the mix. Prosecutors claim that the bitcoin exchange then exchanged millions of dollars’ worth of bitcoin for other customers, including the pastor’s credit union. Federal regulators liquidated that credit union last November, according to Reuters.

Gross eventually gave himself up to the FBI and is scheduled to be arraigned today.


Bitcoin’s Tech Gets The Big Bank Test

All was not lost for bitcoin this week — at least on its technology side. That side, of course, is the side of bitcoin everyone wants to talk about (the blockchain).

And, from the sounds of it, the technology that powers bitcoin is making inroads with Wall Street’s banks. This news follows FinTech company R3 CEV’s move to bring together 42 banks to test how a set of standards could be established for financial services companies looking to implement blockchain technology.

This week, R3 announced that the initial trial has concluded, which involved 40 banks within the consortium participating by testing five blockchains on how they could be used to issue, trade and redeem a fixed-income product.

And that’s a big step for blockchain in the financial services arena, as it’s believed to be the biggest test of its kind that has to do with a real-life scenario that impacts the financial markets ecosystem. And during a time when bitcoin and blockchain are undergoing their own sort of identity crisis, this just might be the bright spot that’s needed for the digital currency and its technology.

Some of the major banks that participated in the trial included Bank of America, Barclays, BBVA, Bank of New York Mellon, Citi, Deutsche Bank, JPMorgan, Goldman Sachs, HSBC, Morgan Stanley, State Street and Wells Fargo.

Not a shabby list.

“This development further supports R3’s belief that close collaboration among global financial institutions and technology providers will create significant momentum behind the adoption of distributed ledger solutions across the industry,” David Rutter, R3’s chief executive, said in a statement.

“These technologies represent a new frontier of innovation and will dramatically improve the way the financial services industry operates, in much the same way as the advent of electronic trading decades ago delivered huge advancements in efficiency, transparency, scalability and security.”


DDoS attacks threat growing, study says

DDoS (Distributed Denial of Service) attacks continue to increase dramatically, threatening websites and businesses globally, according to a study cited by IPC, the country’s pioneer DDoS Mitigation service provider.
The study conducted by IPC’s DDoS Mitigation partner Imperva Incapsula, entitled Global DDoS Threat Landscape Q4 2015, used data from 3,997 network layer and 5,443 application layer DDoS attacks mitigated by Incapsula from October 1 to November 29, 2015.
A DDoS attack is a costly form of cyber crime where a large volume of malicious traffic is flooded into a website, causing it to crash. This is a planned and coordinated attack to disrupt the normal function of a website.
According to the study, the United States, United Kingdom and Japan are the top three targeted countries. Furthermore, UK-based and Japan-based sites saw a 20.7 percent and 7.4 percent increase in attacks, respectively.
“DDoS is a serious online crime that cannot be ignored. It warrants a definitive course of action from highly-skilled professionals trained in this type of cyber war,” said IPC president Rene Huergas. He added that the Incapsula report is a clear indication of how DDoS poses a formidable threat to businesses in any industry worldwide, including the Philippines.
The study revealed changes in DDoS attack patterns during the last quarter of 2015 and a surge in the use of DDoS-for-hire services. A 25.3 percent increase over the previous quarter in the frequency of network layer attacks was also recorded.
The longest application layer attack to date lasted for over 101 days. The target was a US-hosted Web site registered to a small catering business. Moreover, a 325Gbps network layer attack, one of the largest ever documented, occurred in mid-December 2015.
“Business leaders and entrepreneurs must be vigilant against these attacks, which can cause damage to their companies’ coffers. As what the report stated, the perpetrators are finding new ways to infiltrate Web sites and crash these on purpose,” Huergas pointed out.
Cyber crimes on a larger scale can take their toll on a country where there is a growing need for companies to go online to reach a bigger target market. A recent example is when the National Telecommunications Commission (NTC) Web site was defaced by hackers claiming to be from Anonymous Philippines. As the group turned the NTC page black, they posted their grievances over the state of Philippine Internet. The attack went viral immediately, not only bringing the group’s cause to the public’s attention but also exposing the vulnerability of a government agency’s website.
Aside from the government, most businesses in the retail and financial industries in the Philippines have an online presence. E-commerce, for one, continues to thrive, attracting customers who spend a lot of time online. Some of these e-commerce sites have advertised aggressively, spending millions on production and tri-media (TV, print and radio) placements, proof that e-commerce is an emerging industry.
Aside from this, most decision makers recognize the importance of going digital to grow their business. Indeed, there is a need for effective online safeguards and security measures to prevent DDoS attacks.


Akamai speeds Australian DDoS blocking as botnets-for-hire make attacks shorter, more frequent

Australian targets of distributed denial of service (DDoS) attacks will see a “dramatically increased” user experience after DDoS-blocking content distribution network (CDN) operator Akamai marked continuing surges in DDoS volumes and intensity by opening a dedicated ‘scrubbing centre’ this week in Sydney.

The facility – so named because it commandeers identified DDoS attack traffic and strips it from the incoming traffic streams heading to Akamai’s telecommunications, cloud-services and other customers – is the firm’s seventh such site around the world and will boost the speed at which Australia-bound DDoS attacks are identified and blocked.

Such attack traffic was previously routed through similar Akamai sites in Hong Kong, Tokyo or Los Angeles – but with the Sydney site now online, “legitimate user traffic doesn’t have to leave Australia,” Akamai APJ principal enterprise security architect James Tin told CSO Australia. “We attract all the attack traffic from Australia, scrub it and only allow the good traffic to pass on to our customers.”

Demand for third-party DDoS mitigation services has surged in recent years along with continuing growth in DDoS attacks, which are particularly dangerous for Australia because a large enough attack could overwhelm its limited undersea capacity.

Akamai’s newest State of the Internet (SOTI) – Security Report, for the fourth quarter of 2015, saw the number of Web application attacks jump 28 percent over the previous quarter while the number of DDoS attacks jumped by 40 percent in that time.

Total DDoS attacks were up by 149 percent over the same period a year earlier, although average attack duration was barely half of what it was a year earlier – 14.95 hours versus 29.33 hours at the end of 2014.

On average, customers were targeted with 24 DDoS attacks each during the most recent quarter, with three customers hit more than 100 times and one customer hit 188 times – more than twice per day during the reporting period.

Many of these attacks were part of larger campaigns to compromise targets: “We’ve seen attackers be quite smart,” Tin said.

“They send attacks that distract security teams, and then while they’re distracted they throw in targeted, multi-vector type attacks. You can’t mitigate these as normal; you have to mitigate them with customised mitigation techniques to ensure that you don’t overblock. And they’re getting quite persistent.”

Much of that persistence is the observed effect of the commoditisation of DDoS attacks, which are now available to anyone online through well-established DDoS-on-demand services that tap into botnets of malware-compromised machines to pummel a target domain with traffic for a low cost.

The “vast majority” of the 3600 DDoS attacks observed in Q4 were caused by such networks, according to the SOTI – Security Report’s findings, although the fact that the meter is ticking during such attacks – and that many botnet-based services have built-in time limits – saw a shift away from the “mega-attacks” common a year ago. Indeed, average attack duration dropped nearly 21 percent from the previous quarter.

Misuse of commercial stress-test services has also been fingered as a cause for the ongoing growth in DDoS attacks.

DDoS attacks have become an increasing problem in Australia, which over the last year has been named both the world’s second-largest victim of DDoS attacks and, briefly, one of the ten worst DDoS instigators.


What’s the Deal With Cyberwar?

On Wednesday, March 9, New America’s Cybersecurity Initiative will host its annual Cybersecurity for a New America Conference in Washington, D.C. This year’s conference will focus on securing the future cyberspace. For more information and to RSVP, visit the New America website.
So, what does cyberwar mean anyway?
At core, when we talk about cyberwar, we’re just talking about warfare conducted through computers and other electronic devices, typically over the Internet. As the very ’90s prefix cyber- (when was the last time you heard someone talk about cyberspace with a straight face?) suggests, it’s been part of our cultural and political conversations since the early ’80s. In recent years, however, such conversations have picked up as those in power become more conscious of our reliance on computers—and our consequent vulnerability. Perhaps more importantly, information like that disclosed by Edward Snowden has demonstrated that governments have already made preparations for virtual conflict, whether or not they’re actively engaging in it now.
That’s partly because it’s hard to provide a definitive answer. Experts tend to argue about the way that we use the term cyberwar. Some suggest that we should use it to discuss only acts of war that do real damage by purely digital means. In this sense, Cyber World War I would presumably be a war conducted entirely online, one in which there would be no opportunity for “boots on the ground.” Loss of life—if there were any—would presumably come about through attacks on the digital components of critical infrastructure rather than from bullets or bombs.
Since many feel that we’re unlikely to ever find ourselves in such a situation, it might be more practical to speak of a cyberwar as a conflict in which the digital simply plays a central part. But if we take that approach, we might just be giving a new name to the way we already do things.
What does cyberwar actually look like?
The first is the grayest, since it’s hard to distinguish from conventional espionage. It involves activities like mapping and accessing protected computer systems in order to acquire information. Much of this falls under the rubric of “signals intelligence,” a concept that’s been circulating in intelligence communities since the early years of the 20th century.
Second is massive, large-scale intellectual property theft, which is also arguably a subset of old-fashioned forms of espionage. It has, however, accelerated with the rise of the Internet, costing the U.S. hundreds of billions a year according to some estimates. Cybertheft has become serious enough that in 2015 the U.S. and Chinese governments formally agreed to not support or encourage it, though neither admitted that they were doing so in the first place.
Third, there are direct attempts to disable computers and networks. Here, we’re in the terrain of distributed denial of service attacks, Trojans (malicious programs that make their way onto computers by pretending to be something else), and so on. We see this all the time when someone, say, conducts a DDoS attack against an organization he doesn’t like. But the stakes get even higher when the same thing happens to a bank or a hospital.
Finally, you have attempts to use computers to cause physical damage through viruses and other forms of malicious code. When people worry about cyberwarfare, this is usually what they have in mind: They’re imagining attempts to knock airplanes out of the sky or blow up pipelines. With a few important exceptions, this branch of cyberwar is mostly theoretical.
Am I crazy for thinking a lot of this just sounds like run-of-the-mill hacking?
You’re not, which is why many references to cyberwar employ the term to primarily (or even exclusively) describe the actions of nation-states. If we take that approach, cyberwar names what countries are up to when they hack one another. But if we apply the term too broadly, it amps up the stakes of things that nations are doing to one another as a matter of course, such as surveillance of foreign leaders. If we insist on classifying ordinary peacetime intelligence-gathering as a kind of war, we could end up escalating conflicts where none existed previously.
A further complication comes from the “attribution problem,” the difficulty of definitively assigning blame for a cyberattack. This can give governments plausible deniability, allowing them to shunt their actions onto private entities, even when it seems clear who’s done what. When hackers accessed a Pentagon email system in 2015, for example, reports suggested that Russia was responsible, but it was difficult to discern whether individuals or state actors were actually at fault. Under such circumstances, how do we know what does and doesn’t count as an act of war?

Can we get back to the physical damage thing? Have we ever seen anything of the kind?
Some claim that a logic bomb was responsible for an explosion on the trans-Siberian pipeline in the ’80s, but that assertion has been widely disputed. The most famous real-world example that we’re sure is actually real would therefore be the Stuxnet worm. Released by the United States under the Obama administration—and seemingly developed in collaboration with Israel—Stuxnet was an attempt to disrupt the Iranian nuclear program. It worked by sabotaging centrifuges, speeding them up or slowing them down in ways that made them fall apart. Before it spread into the wild and was detected, this cyberweapon destroyed almost one-quarter of Iran’s nuclear centrifuges. More recent revelations indicate that the United States planned subsequent actions—under the code name Nitro Zeus—against the eventuality that talks with Iran fell apart.
Did Iran strike back?
Not directly, but hackers seemingly associated with Iran have committed other acts of digital aggression. In 2014, after right-wing American businessman Sheldon Adelson advocated the use of weapons against Iran, hackers attacked computers and servers of Adelson’s Sands casinos. Instead of stealing money or information, the hackers—identified as Iranian by U.S. intelligence—destroyed the casinos’ computers, doing tens of millions of dollars of damage in the process. As Slate’s Fred Kaplan writes in his book Dark Territory, this “was a new dimension, a new era of cyber warfare,” since the hackers’ intent was solely “to influence a powerful man’s political speech.”
This attack on Sands may have been more representative of the existing norms of cyberwar (again, depending on how you define it, and whether you include attacks on commercial entities) than Stuxnet. The hackers’ modus operandi—shutting down computers and defacing Web pages—resembles that of Anonymous, which trades in denial of service attacks and similar aggression, more than it does the work of the National Security Agency.

Are there other examples of countries coming after the United States?
In 2008, NSA analysts discovered what Kaplan calls “a few lines of malicious code” operating in the U.S. Central Command’s network. The worm, which sought to scan the system for vulnerabilities, seems to have found its way into the system—one that wasn’t connected to the public Internet—through a flash drive with Russian origins. Despite that, its real origins remain uncertain.
The most famous politically motivated breach in recent years, however, is probably the Sony Pictures Entertainment hack. When the company was preparing to release The Interview, a hacker group called the Guardians of Peace came after it. The hackers destroyed thousands of computers and appropriated immense amounts of information, much of which was subsequently leaked online. The FBI publicly connected the Guardians of Peace to the North Korean government, which felt the film was disrespectful. Since this wasn’t one government directly attacking another, some wouldn’t classify it as cyberwar. But it’s still an example of a politically motivated attack executed through the Internet, with lasting consequences, apparently at the behest of a government.
OK, that sounds bad, but what about the real nightmare stuff? Should we worry about attacks on the power grid?
It’s a scary thought, one that some political candidates have explored at length: If someone were to knock out critical elements of our infrastructure, we’d presumably be looking at the collapse of civilization as we know it. For the most part, though, our power systems aren’t as vulnerable as, say, Sony’s computer network, partly because their critical components aren’t typically connected to the Internet. Despite that, the U.S. government is attentive to the possibility that such attacks might occur, and the Defense Advanced Research Projects Agency has invested millions to prevent them.
If cyberwar is mostly about the actions of countries, how does terrorism fit in?
This is where things get even fuzzier: Generally, when people talk about cyberterrorism, they’re thinking about recruitment. President Obama famously described ISIS as “a bunch of killers with good social media,” referring to the role that Twitter, Facebook, and other sites have played in the group’s spread. Social media may also help predict the actions of terrorist organizations. On both sides of the equation, however, we’re still dealing with ways that the Internet facilitates real-world action, not things done solely through the Internet.
It’s certainly conceivable that a terrorist group could employ the weapons of cyberwar in support of its cause. The source code for Stuxnet is publicly available, for example, and though it was designed to target the Iranian systems in particular, some worry that it might be possible to transform it into a different sort of weapon. But we haven’t seen anything of the kind to date.

You mentioned Snowden earlier. How do the NSA’s data collection programs fit into all this?
If you’re referring specifically to the metadata-based domestic surveillance initiatives, they don’t really, since by most understandings they’re more a matter of policing than of out and out warfare. That being said, the documents Edward Snowden leaked contain information about cyberwarfare projects. Presidential Policy Directive 20—a document created under the Obama administration—affirms the importance of offensive cyberoperations against “U.S. national objectives around the world.” It also acknowledges, however, that developing capabilities for such attacks “may require considerable time and effort.” In other words, we’re probably not going to tumble into Cyber World War I any time soon.
So is there any reason to worry?
As Kaplan points out in Dark Territory, one of the most significant dangers may be the strangely asymmetrical position that the U.S. finds itself in. Our reliance on computer systems means that we’re actually more vulnerable than many of the targets that PPD-20 nods to.
More generally, the most important function of conversations about cyberwarfare may be to ensure that cyberwarfare never actually happens. The U.S. started preparations for cyberwarfare after a panicked Ronald Reagan saw WarGames in 1983. As far as we know, no one’s ever come close to actually hacking the country’s nuclear arsenal, and it’s possible that we have Reagan’s fearful reaction to thank for that. In that sense, we probably should keep talking, but it may be best to dial back the alarmism: Cyberattackers could be digging through our systems in search of exploits and back doors, but they won’t be turning off the lights.
So what should we be talking about then?
That’s partly on you! We’ll be focusing on this topic all month, and we want that coverage to be as useful as possible. What questions remain for you? What still troubles you? And, of course, what do you think?


French Anonymous hackers go on trial

Three French Anonymous activists went on trial Tuesday for hacking a police union website, collecting contact information for hundreds of police officers and disclosing the details online in 2012. A prosecutor asked a Paris court to hand the three men, aged 22 to 27, a one-year suspended sentence and a 5,000 euro fine each.
The three are also accused of breaking into two government sites and blocking public access for days.

The names, phone numbers, and personal and professional email addresses of 541 police officers who were members of the SGP-FO police union were posted online in January 2012 after a hacking attack claimed by the Anonymous organization, a loosely-associated international network of hackers.

The police officers are asking for 73,000 euros in damages overall, another lawyer for one of the defendants, Matthieu Hy, said.

The criminal court will deliver its ruling March 22.

Merchat told France Info radio “the contact information for these police officers is accessible to all people planning to target France”.

After his arrest, one of the defendants told the police the hacking attack was carried out in retaliation for the arrests of several Anonymous activists by French police and the closure of the popular website Megaupload by the US Department of Justice days earlier.

The shutdown of Megaupload, a platform that ran online storage and viewing services, led to so-called denial-of-service (DoS) attacks on a range of government, police and copyright organization websites by the Anonymous group, including the French attacks, according to court documents.



Hackers Breach Linux Mint Distribution, Forums

Attackers manage to breach Linux Mint’s security, adding a backdoor to the distribution and even stealing information from user forums.
The Linux Mint operating system community is reeling today after the public disclosure on Feb. 21 that hackers managed to infiltrate the popular Linux distribution and plant a backdoor in the system. Adding further insult to injury, hackers were also able to compromise the Linux Mint user forum, stealing username and password information. As a result of the attack, the Website is now offline as the distribution scrambles to restore confidence and security.
Linux Mint has emerged in recent years to become one of the most popular desktop Linux distributions in the world. A key part of Linux Mint’s popularity is its Cinnamon desktop, which provides users with a different user interface from the more standard GNOME desktop. Linux Mint does, however, offer other desktop choices to users as well.
It appears that on Feb. 20 the attackers were only able to affect the most recent Linux Mint 17.3 Cinnamon edition, according to Clement Lefebvre, founder of Linux Mint.
Lefebvre noted the intrusion was brief and quickly discovered. “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it,” he wrote.
In addition to replacing the Linux Mint 17.3 Cinnamon Edition download, the attackers also compromised the user forums site, stealing a copy of its entire database. The attackers therefore hold the usernames and passwords used on the Linux Mint forums, so anyone who reused that username/password combination on another site should change it there immediately.
As for the root cause of the breach, the finger is being pointed at a poorly configured WordPress content management system (CMS) component rather than at WordPress itself.
“We found an uploaded PHP backdoor in the theme directory of a WordPress installation, which was one day old and had no plugins running,” Lefebvre commented.
The WordPress theme was new and had been set up with incomplete file permissions, Lefebvre explained; the attackers did not exploit the WordPress core application, and Linux Mint runs the latest version of WordPress, he said. That version, WordPress 4.4.2, debuted at the beginning of February, patching a pair of security flaws.
After gaining a foothold on the Linux Mint Website through the vulnerable theme directory, the attackers pointed the Linux Mint 17.3 Cinnamon edition download link at a malicious ISO that carries the Tsunami Trojan. Tsunami is not new malware, nor is it unique to Linux: it is an IRC-controlled bot used to launch distributed denial-of-service (DDoS) attacks, and back in 2011 a variant was found infecting Apple Mac OS X systems for that purpose.
As to who is responsible, Linux Mint has determined that the malicious ISOs were hosted on servers located in Sofia, Bulgaria.
“What we don’t know is the motivation behind this attack,” Lefebvre wrote. “If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this.”


Banks are being targeted by cyber hackers

Cyber-criminals are increasing attacks on Australian banks and using more sophisticated methods, says a report by computer giant Dell, suggesting heightened cyber-security vigilance and spending by financial institutions and the federal government is justified.

Dell SecureWorks, the IT security subsidiary of Dell, found that Australia is the third-most-targeted of the 17 countries examined in a report on banking “botnets”. The term, a blend of robot and network, refers to networks of malware-infected, internet-connected computers that attackers control remotely and use for tasks such as stealing banking credentials, sending spam or flooding targets with traffic.

“Threats are becoming more sophisticated, incorporating emerging technologies, advanced cryptography, and resilient infrastructure to resist surveillance and disruption,” says the report, published on Friday.

Dell says 80 per cent of global attacks are on financial institutions in the United States. The United Kingdom is the next-most-targeted market, then Australia. Attacks in Asia are increasing and cyber attackers are also targeting bank customers as banking moves to mobile.

“With banks continuously moving to the mobile platform for payment and banking applications, cyber-criminals’ interest in targeting mobile banking services has increased.”

Pallav Khandhar, a senior security researcher at Dell SecureWorks, said one technique growing in popularity involves hackers attempting to lure victims to download and install malicious banking applications while the user thinks they are merely updating their bank application. “This then allows attackers to intercept banking sessions on [the] victim’s mobile, allowing them to steal banking account credentials and/or money from their victim’s account,” Mr Khandhar said.

After Commonwealth Bank of Australia’s interim results earlier this month, chief executive Ian Narev told Fairfax Media that cyber-security is a matter of national importance and the government is showing a high level of understanding about potential threats. Cyber-security should not be seen as an issue of competitive advantage, he said, and it is crucial for banks, telecommunications companies and government to work together on resilience measures.

“Now you can imagine, in the same way as people have for a long period of time unfortunately tried to break into branches, there are always going to be people who want to have a go against all sorts of institutions from a cyber perspective,” he said.

“Anybody in a big company or public institution will tell you there is an ongoing level of activity … and we watch that very carefully and make sure we are well positioned to react to that, and we are.

“That is why we are investing tens of millions of dollars in making the bank as safe as it possibly can be and that is going to be one of those categories of investment that never goes away.”

CBA and UNSW join forces

CBA has joined forces with UNSW to overhaul its cyber-security curriculum and build an education centre as part of a $1.6 million five-year partnership.

The federal government’s innovation statement pledged $22 million over four years for a new “cyber-security growth centre”.

Reserve Bank of Australia governor Glenn Stevens said last year “the already considerable resources devoted to IT security will grow further as awareness increases of cyber risk and its consequences.”

The Australian Prudential Regulation Authority works with banks on penetration testing and vulnerability management, and wants banks to adopt a systematic approach to managing and securing operating systems and software.

In the United States, JPMorgan went public last year about attacks that resulted in one of the largest data breaches in history, which some sources blamed on Russian authorities seeking retribution for US-led sanctions.

In late 2012, intruders caused major disruptions to the online banking sites of Bank of America, Citigroup, Wells Fargo, US Bancorp, PNC, Capital One, Fifth Third Bank, BB&T and HSBC. These were largely distributed denial-of-service (DDoS) attacks, in which attackers direct huge volumes of traffic at a site until it can no longer respond, thereby denying legitimate customers service.


Linux Vulnerability Rattles Open Source Community

A serious Linux vulnerability reverberated through the open source community this week, prompting major vendors like Cisco Systems to issue security alerts while experts attempted to determine the extent of the compromise and how best to fix it.

Meanwhile, a key open-source stakeholder stressed that the vulnerability raises new questions about the security of emerging Linux platforms like applications containers.

The vulnerability in the GNU C Library, or glibc, is thought to affect most Linux distributions and thousands of applications. According to reports, it lies in the library’s domain-name lookup function, getaddrinfo(): a stack-based buffer overflow in the DNS resolver code, tracked as CVE-2015-7547.

“The vulnerability could allow an unauthenticated, remote attacker to trigger a buffer overflow condition that may result in a denial of service (DoS) condition or allow the attacker to execute arbitrary code on the affected device,” according to Cisco Systems (NASDAQ: CSCO).

The Linux vulnerability prompted Cisco to issue a product security advisory on Thursday (Feb. 18) containing a lengthy list of affected products. The priority on the advisory was designated as “High.”

The vulnerability is exploitable when an affected application resolves a domain name and receives an attacker-controlled DNS response, whether because the attacker runs the name server being queried or because a man-in-the-middle position lets the attacker tamper with responses in transit, a realistic condition for traffic that flows beyond corporate firewalls onto open networks.

Maintainers of the open source library released a patch shortly after the glibc vulnerability was disclosed. The fix lands in the resolver code used by every system that looks up domain names, a critical function across the Linux ecosystem. Downloading and installing the updated glibc package is seen as a fairly straightforward process for those running Linux servers and desktops; because glibc is a shared library loaded by nearly every process, affected services must be restarted (or the system rebooted) before the fix takes effect, and it could take longer for makers of appliances and embedded hardware to ship a fix.

Google and Red Hat engineers uncovered the glibc vulnerability. According to Red Hat (NYSE: RHT), a key Linux stakeholder, “through this flaw, attackers could remotely crash or even force the execution of malicious code on machines without the knowledge of the end user.”

In a blog post, Red Hat engineers said the glibc vulnerability raises another issue as Linux makes inroads into enterprise IT infrastructure: How will emerging Linux-based applications be secured?

“Who’s fixing containers?” Red Hat executives Josh Bressers and Gunnar Hellekson asked in their post. They noted that many Linux container vendors provide only security scanners to spot vulnerabilities like glibc. “But these vendors aren’t actually in control of the containers that their users are deploying, let alone the underlying operating system powering these container deployments.

“This means that while they are offering the tools for you to find these problems, when it comes to actual fixes, they may not have the expertise, capabilities or the ownership to actually fix the problem,” asserted Bressers, Red Hat’s senior product manager for security, and Hellekson, director of product management for Red Hat Enterprise Linux.

“Container [vulnerability] scanners are a paper tiger,” they concluded. Hence, Red Hat along with Docker, CoreOS and other container vendors have begun including security features like container registries and other access controls, along with encryption.
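The practical question behind both the patch paragraph above and the “who’s fixing containers?” exchange is how to tell whether a given host or image actually has the fixed glibc. A bare upstream number is not enough, because Debian and Ubuntu backported the fix into their 2.19 packages, so the comparison has to follow the distribution’s own package-version ordering. The script below is an added example written for this page, not Red Hat’s, Docker’s or the article’s code: it implements dpkg’s version comparison, reads the libc6 version out of `dpkg -l` output, and grades an image against a table of first-patched package versions. The `dpkg -l` lines are constructed, and the FIXED_LIBC6 table is an assumed input that an operator would fill from the vendor advisories rather than trust from here.

```python
# The upstream glibc release carrying the getaddrinfo() fix is 2.23. Distributions
# backported the fix into older branches under their own package versions, so a bare
# upstream number such as "2.19" says nothing until the vendor's patched version is known.
UPSTREAM_FIXED = "2.23"


def _order(c):
    """dpkg character ordering: '~' sorts before everything, letters before other symbols."""
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments the way dpkg does (alternating non-digit and digit runs)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(v):
    """Break '[epoch:]upstream[-revision]' into (int epoch, upstream, revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision


def deb_version_cmp(a, b):
    """Compare two Debian/Ubuntu package versions; negative, zero or positive like strcmp."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def libc6_version(dpkg_l_output):
    """Pull the installed libc6 package version out of 'dpkg -l' output (None if absent)."""
    for line in dpkg_l_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "ii" and parts[1].split(":")[0] == "libc6":
            return parts[2]
    return None


def assess(image, dpkg_l_output, fixed_versions):
    """Return 'fixed', 'vulnerable' or 'unknown' for one image's package list.

    fixed_versions maps an image base to that distribution's first patched libc6
    package version; it is caller-supplied, and FIXED_LIBC6 below is an assumed table.
    """
    installed = libc6_version(dpkg_l_output)
    if installed is None:
        return "unknown"          # not a Debian-family image (e.g. musl-based), or no libc6 at all
    _epoch, upstream, _rev = _split(installed)
    if _verrevcmp(upstream, UPSTREAM_FIXED) >= 0:
        return "fixed"            # upstream 2.23 or later carries the fix regardless of vendor
    fixed = fixed_versions.get(image)
    if fixed is None:
        return "unknown"          # pre-2.23 upstream and no advisory data for this base image
    return "fixed" if deb_version_cmp(installed, fixed) >= 0 else "vulnerable"


# Constructed 'dpkg -l libc6' output from two hypothetical images.
SAMPLE_DPKG = {
    "ubuntu:14.04": "ii  libc6:amd64  2.19-0ubuntu6.6  amd64  GNU C Library: Shared libraries\n",
    "debian:8":     "ii  libc6:amd64  2.19-18+deb8u3   amd64  GNU C Library: Shared libraries\n",
}
# Assumed first-patched package versions; verify them against the Ubuntu and Debian advisories.
FIXED_LIBC6 = {"ubuntu:14.04": "2.19-0ubuntu6.7", "debian:8": "2.19-18+deb8u3"}

if __name__ == "__main__":
    for image, output in SAMPLE_DPKG.items():
        print(image, libc6_version(output), assess(image, output, FIXED_LIBC6))
```

The "unknown" result is deliberate: an image with no libc6 package may be musl-based and unaffected, or may be RPM-based and need the same check with rpm's ordering rules, and a scanner that silently reports "fixed" in either case is exactly the paper tiger Bressers and Hellekson describe. Remember too that a fixed package in the image only helps once the containers built from it are rebuilt and redeployed.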

The sheer breadth of the glibc vulnerability prompted at least one open source proponent to wonder how entrenched it may be in the Linux infrastructure. Tweeted CoreOS CEO Alex Polvi, whose startup offers an encrypted container platform: “Does the glibc vulnerability have a brand name yet?”



HSBC Banking Customers Vent Anger After DDoS Scuppers Service

HSBC has been forced to apologize to customers after a DDoS attack disrupted key online systems, meaning many users couldn’t log in to their internet banking portals.

A statement from the bank claimed this morning’s denial of service attack affected “personal banking websites in the UK.”

It continued:

“HSBC has successfully defended against the attack, and customer transactions were not affected. We are working hard to restore services, and normal service is now being resumed. We apologise for any inconvenience this incident may have caused.”

The outage persists for many customers as of the time of writing, with countless HSBC online banking users taking to social media to vent their anger.

The attack comes at a particularly sensitive time given there are only a couple of days left before UK taxpayers can file their returns without being charged interest on late payments.

As the last working day of the month, it’s also pay day for many people – a fact the DDoS-ers may well have had in mind when timing the attack.

A new report from security firm Imperva released yesterday showed that attacks on UK websites soared by over 20% in Q4 2015, placing the country as the second most targeted in the world behind the US.

Justin Harvey, CSO at Fidelis Cybersecurity, had advice for firms caught in the same situation as HSBC.

“Strong external network-facing access control lists (ACLs) should be instituted to keep out-of-profile traffic off services, robust monitoring should be put in place to identify these types of attacks in their early stages, and high-risk organizations should oversubscribe their network bandwidth to better absorb the brunt of inbound DDoS attacks,” he said.

“The upstream ISP should also be notified to place mitigations on their connected devices to protect networks.”
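Harvey’s advice to put monitoring in place that catches a flood “in its early stages” comes down to watching request rate against a baseline and, just as importantly, looking at how the traffic is distributed across sources, because that decides whether the access-control lists he mentions can help. The detector below is an added example written for this page, not HSBC’s, Fidelis’s or the article’s code. The access-log lines it reads are constructed inline in a simple assumed format (timestamp, client IP, method, path, status), and the window size and alert factor are assumptions to tune per service.

```python
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

LOG_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line):
    """One constructed log line: '<utc-timestamp> <client-ip> <method> <path> <status>'."""
    ts, src, _method, _path, _status = line.split()
    return datetime.strptime(ts, LOG_FORMAT).replace(tzinfo=timezone.utc), src


def detect_floods(lines, window=10, factor=5.0):
    """Bucket requests into fixed windows and flag windows whose rate is far above the median.

    The median of all windows serves as the baseline, so a short flood cannot inflate
    the baseline it is judged against. Each alert also carries the number of distinct
    sources and the busiest source's share: a flood dominated by one address is a case
    for a per-source ACL, a flood spread thinly over hundreds is not.
    """
    buckets = defaultdict(Counter)          # window start (epoch s) -> Counter of source IPs
    for line in lines:
        ts, src = parse_line(line)
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % window][src] += 1
    rates = {start: sum(c.values()) / window for start, c in buckets.items()}
    baseline = statistics.median(rates.values())
    alerts = []
    for start in sorted(buckets):
        rps = rates[start]
        if rps <= factor * baseline:
            continue
        c = buckets[start]
        total = sum(c.values())
        top_ip, top_n = c.most_common(1)[0]
        alerts.append({
            "window_start": datetime.fromtimestamp(start, timezone.utc).isoformat(),
            "rps": rps,
            "baseline_rps": baseline,
            "distinct_sources": len(c),
            "top_source": top_ip,
            "top_source_share": round(top_n / total, 3),
        })
    return alerts


def build_sample():
    """Constructed traffic: 60 s of normal logins, then a 20 s flood from many sources."""
    t0 = datetime(2016, 1, 29, 9, 0, 0, tzinfo=timezone.utc)
    lines, n = [], 0
    for sec in range(60):                      # normal: 2 requests/s from a pool of 20 clients
        for _ in range(2):
            stamp = (t0 + timedelta(seconds=sec)).strftime(LOG_FORMAT)
            lines.append(f"{stamp} 198.51.100.{n % 20 + 1} GET /login 200")
            n += 1
    for sec in range(60, 80):                  # flood: 60 requests/s spread over 250 sources
        for _ in range(60):
            stamp = (t0 + timedelta(seconds=sec)).strftime(LOG_FORMAT)
            lines.append(f"{stamp} 203.0.113.{n % 250 + 1} GET /login 503")
            n += 1
    return lines


if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print(alert)
```

On the constructed traffic the two flood windows are flagged at 30 times baseline, but the busiest address accounts for half a percent of the requests, which is the situation where a blocklist buys nothing and the remaining levers are the ones Harvey lists: upstream filtering by the ISP and enough headroom to absorb what gets through. A detector like this also needs the same log stream the edge sees, since by the time a flood shows up in application logs behind a saturated link the “early stage” has passed.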

However, Lee Munson, security researcher for Comparitech, urged commentators not to blow things out of proportion.

“The bank’s systems have not been breached. No bank accounts have been raided and no personal information has been stolen,” he argued.

“The UK financial sector remains resilient to cyber-attack thanks to operations such as Wire Shark and Resilient Shield which have encouraged sharing of threat intelligence and greater communication between both British and US banks.”

The bank also said it was “working closely with law enforcement authorities to pursue the criminals responsible.”

However, Ryan O’Leary, senior director of WhiteHat Security’s Threat Research Centre argued that its time could be better spent on preventative measures, especially given that finding and prosecuting attackers can be a challenge.

“Those who can pull off a DDoS attack are extremely prevalent; if one individual or group were able to execute a DDoS attack, it is very likely many others could do the same,” he added. “The company’s issue is not the attacker, it’s the system that is susceptible to the attack. Fix the issue and your attacker problem goes away.”