Security Brief: OpKillingBay, CryptoLocker, GitHub Attack, vBulletin Hack
The main events of the week between November 18 and November 24, 2013
We’ve had some interesting information security stories over the past week. Check them out in case you haven’t been online much. They mostly focus on Anonymous’ OpKillingBay campaign, the CryptoLocker ransomware, the attack on GitHub accounts, and the vBulletin hack.
Anonymous hackers continue OpKillingBay, the campaign launched in protest against the killing of dolphins and orcas in the Japanese town of Taiji.
The list of targets includes the Japanese government and various other organizations such as SeaWorld, the International Marine Animal Trainers Association (IMATA), the World Association of Zoos and Aquariums (WAZA) and even the private companies that make a profit from transporting the animals.
So far, some distributed denial-of-service (DDoS) attacks have been launched against Japanese government websites. The hacktivists are preparing a Twitter storm to raise awareness of the matter on December 1.
The CryptoLocker ransomware has made a lot of headlines this week. Authorities in the UK claim millions of people have already received the emails that distribute the malware. A police department in the US has fallen victim to the threat and was forced to pay the ransom in order to recover its files.
Now that the price of Bitcoin has skyrocketed, the cybercriminals behind CryptoLocker made some changes to the ransom screen, decreasing the fine from 2 Bitcoins to 0.5 Bitcoins.
GitHub has been the target of a major brute-force attack aimed at the service’s authentication systems. Users reported seeing numerous failed login attempts to their accounts.
According to GitHub representatives, the cybercriminals used 40,000 IPs to power the attack. The company has reset the passwords for the accounts that had been compromised, and advised users to enable two-factor authentication and set strong passcodes.
The vBulletin hack, which is said to be connected to the MacRumors breach, has turned out to be highly controversial. Hackers of Inject0r Team have taken responsibility for the attacks.
They claim to have leveraged a vBulletin zero-day in order to hack the websites. However, they’ve failed to back up the allegations and vBulletin representatives say they haven’t found any evidence of a zero-day vulnerability.
A number of websites, including DEF CON, OVH, and Garage4Hackers, disabled their forums after news of a potential zero-day surfaced. After vBulletin denied that the zero-day exists, the sites were restored.
Another major attack brought to light this week is the one against Cupid Media. Brian Krebs identified a file storing the details of 42 million Cupid Media customers on the same hacker server where the Adobe and PR Newswire data was found. The actual breach took place in January 2013, but until recently no one saw the data stolen by the cybercriminals.
As far as social media networks are concerned, this week we’ve learned that Google patched vulnerabilities in the password recovery process that could have been leveraged for targeted phishing attacks. Also, Twitter has implemented forward secrecy to protect traffic against spying.
Meanwhile, the Silk Road saga continues. The family and supporters of Ross Ulbricht, the man accused of being the underground marketplace’s mastermind, have launched a fund to raise money for his defense.
Earlier this week, prosecutors presented a lot of evidence to convince the judge that Ulbricht is a flight risk. He has been denied bail.
John Anthony Borell III, the Anonymous hacker known as ItsKahuna, has published a statement to deny that he has been collaborating with authorities.
In Turkey, police have arrested 12 individuals suspected of being part of the RedHack group. RedHack members have denied that those detained have anything to do with them, arguing that the government is simply cracking down on people who spoke up against authorities during the Gezi protests.
Finally, an expert has reported that LG Smart TVs are spying on users, even if the “Collection of watching info” feature is disabled. The company has promised to make some changes to the firmware.
Here are some other interesting stories in case you’ve missed them:
Free eBook to help you improve your security
Facebook sues man allegedly responsible for celebrity tape scams
Gaming company fined for secretly installing Bitcoin malware
Experts spot a new piece of malware called i2Ninja
LulzSec Peru hacks websites of Peru’s National Police and the presidency
Anonymous attacks Russian websites in support of the Arctic 30
Check out our interview with Marius Corîci, founder of the CTF365 capture the flag platform