News bytes-July 2013

NEWS Bytes Rahul Arun


null Bangalore Chapter - July 2013 Meet

Transcript of News bytes-July 2013

Page 1: News bytes-July 2013

NEWS Bytes Rahul Arun

Page 2: News bytes-July 2013

15 Goa Government Websites hacked

by Pakistani Hacker "H4x0r HuSsY”

A Hacker with Handle "H4x0r HuSsY" from

Pakistan has managed to take control of few

Indian Government websites and has

defaced them. All of the hacked websites

are belong to Goa State

The affected websites includes NRI Commission of

Goa(, Directorate of Agriculture

(, Directorate of Art and Culture

(, Department of

Information and Publicity

( ,Directorate of

Fire & Emergency Service (,

Goa Dental College (, Government Printing

Press & Stationery (

Page 3: News bytes-July 2013

City of Mobile Police Hacked &

Data Leaked by Turkish Ajan While it's been widely speculated that

the notorious computer worm Stuxnet

was the result of partnership between

US and Israel, the famous NSA

Whistleblower "Edward Snowden" has

confirmed it. Stuxnet was a highly-

complex malware discovered in 2010,

used as cyber weapon against the

Iran's nuclear program..

Snowden answered a few interesting questions in an Interview had

with Germany's Der Spiegel Magazine.When Interviewer asked

about the NSA involvement in Stuxnet, Snowden confirmed that

saying "NSA and Israel co-wrote it“.When asked about German

authorities involvement in NSA surveillance system, Snowden

confirmed that saying "Yes, of course. We're 1 in bed together with

the Germans the same as with most other Western countries.".

Page 4: News bytes-July 2013

Anonymous Hackers Breach Systems of

Spain’s People’s Party, Leak Documents Anonymous hackers have defaced the

official website of Spain’s People’s

Party (Partido Popular), the country’s

governing party. In addition

to defacing the website – which has

been restored –, the hacktivists have

also leaked 5 gigabytes of documents

that allegedly represent the party’s

financial accounts from 1990 to 2011. reports that the party refused to release the documents after a

judge overseeing a political corruption scandal asked to see them. The

information has been posted on torrent sites, blogs and other websites so

that citizens can analyze it. According to a video statement published by

the hackers a couple of days ago, the documents show that the People’s

Party has used public money to buy expensive cars, a pony and other

items.The hacktivists are displeased with the fact that the party keeps

talking about austerity and cuts while it “robs” the people.

Page 5: News bytes-July 2013

Mobile malware grows by 614 %

Mobile malware creators and

smartphone makers seem to be in a

neck-and-neck software race, but new

data shows that the malware creators

could be taking the lead.

Juniper Networks released its third annual Mobile Threat Report on

Tuesday and the findings aren't pretty. Mobile malware grew at a

rate of 614 percent from March 2012 to March 2013 -- that's equal to

276,259 malicious apps floating around out there. Last year, the

increase was amere 155 percent.

The report is based on an analysis of more than 1.85 million mobile

apps and vulnerabilities across major mobile operating systems.

in last year

Page 6: News bytes-July 2013

WellPoint takes $1.7 million hit

over HIPAA slip WellPoint, a managed health care giant,

agreed to pay $1.7 million to the U.S.

Department of Health and Human Services

for violating HIPAA regulations. HIPAA, the

Health Insurance Portability and

Accountability Act of 1996, is a set of rules to

maintain patient privacy.

These fines may also pick up given that HIPAA liability will extend to

business partners that receive and store health information. HIPAA will

extend to contractors and subcontractors on Sept. 23.

According to the HHS, WellPoint left patient health data accessible to

unauthorized users over the Internet. The HHS began its WellPoint

investigation following a data breach report.

Page 7: News bytes-July 2013

Kremlin finds way to avoid

leaks: Typewriters Dust off your Olivetti.

It might be the future. The future of national

security, at least.

This quaint thought comes to mind as the result

of news emerging from the inner bowels of the


So the Kremlin has started ordering typewriters. Lots

of them. Indeed, the Telegraph, relying on sources

at Russia's Federal Guard Service, says that about

$15,000 is being spent to purchase new electronic


Page 8: News bytes-July 2013

Cyberattack on South Korea was part

of 4-year spying campaign

"Our analysis of this attack -- known first as Dark Seoul and now as

Operation Troy -- has revealed that in addition to the data losses of

the MBR wiping, the incident was more than cybervandalism,"

McAfee's report reads. "The attacks on South Korean targets were

actually the conclusion of a covert espionage campaign."

South Korea has been under a concerted

cyberattack for the last four years, according to

a comprehensive new report (PDF) released

Monday by security firm McAfee. That means

the hack that crippled three TV broadcasters

and two banks in March was possibly just the tip

of the iceberg.What has been the goal of these

hackers? To steal South Korean government

and military secrets, according to McAfee.

Page 9: News bytes-July 2013

Secunia and VLC get into

Fight over Vulnerability report Secunia and VLC Team got into a hot argument

after Secunia set the patch status of their VLC

vulnerability report to "UnPatched". At the end of

last year, Secunia team reported a vulnerability

(SA51464) in VLC version 2.x.The root cause of the

vulnerability lies in the underlying FFmpeg library,

which VLC statically links to. It was reported that the

vulnerability was caused due to a buffer overflow

issue when parsing SWF files, which was incorrect. When the VLC team came to know about the issue they tried to

fix it but they missed the root cause and didnot solve the core

problem. They released the next VLC version and claimed it to

be safe but this was not the case as said by Secunia team. The

VLC team kept on releasing the version from 2.0.5 to 2.0.7 and

claimed that the vulnerability was fixed -

Page 10: News bytes-July 2013

Pakistani Google, Yahoo, Apple,

Microsoft hacked by Turkish Hacker

group Eboz A Turkish hacker group called Eboz has hacked

and defaced Pakistani high profile websites

which includes Search Engine giant Google,

Yahoo, Microsoft and Apple, Visa, HSBC, Coca

Cola, Blogspot, Sony, HP, eBay and PayPal .

The hackers has defaced,,,, and 279 other sites in Pakistan

It seems like hackers compromised the Pakistan's TLD operator PKNIC

which administers and registers all .pk domains. Hackers modified the

DNS servers records such that it points to some other server, points to

two nameservers, and

Page 11: News bytes-July 2013

Convicted Hacker Says He

Committed Credit Card Heist for

U.S. Government The hacker who orchestrated the biggest computer crime

operation in U.S. history is alleging that the American

government authorized him to do so. Last year, 29-year-old

Albert Gonzalez pleaded guilty to hacking into computer

systems at TJX, Office Max, Dave & Busters, Heartland

Payment Systems and other companies, in order to steal

some 130 million credit card numbers. He received a 20-year

prison sentence, which he's currently serving at a low-security

facility in Michigan.

"I still believe that I was acting on behalf of the United States

Secret Service and that I was authorized and directed to

engage in the conduct I committed as part of my

assignment to gather intelligence and seek out international

cyber criminals," Gonzalez wrote. "I now know and

understand that I have been used as a scapegoat to cover

someone's mistakes."

Page 12: News bytes-July 2013

ITV News Twitter account hacked

by Syrian Electronic Army

British broadcaster ITV on Friday

became the latest media outlet to

have one of its Twitter feeds hacked by

anonymous supporters of Syria's

President Bashar al-Assad, just days

after Twitter beefed up security to

prevent such attacks.

ITV's London news Twitter account @itvlondon was hijacked on Friday

afternoon and used to promote spoof stories about Syrian rebels,

before the hackers tweeted "Just kidding. The Syrian Electronic Army

was here. #SEA via @Official_SEA12."

the security breach was triggered by a phishing email.

Page 13: News bytes-July 2013

Netherlands Domain Registrar

SIDN websites hacked via SQL


Unknown hackers have penetrated into the Netherlands Top

domains registrar(.nl) SIDN and placed malicious files in a number of

SIDN sites.

According to official statement, hackers have managed to breach

the site by Exploiting a SQL Injection vulnerability in To

prevent further attack the organization shut down the web

application and temporarily suspended the zone file publication. "As

a result of our precautionary action, some areas of the website that

registrars use to download registrar ship-related data have been

unavailable since Tuesday". In an email to registrars, SIDN reports the

login credentials of Registrars' site have also been compromised in

the Security breach.

Page 14: News bytes-July 2013


Page 15: News bytes-July 2013

Thank You…