NBC.com Hacked

NBC.com was hacked and malicious code was placed on the homepage that probes visitors' browsers for exploitable plug-ins, such as Adobe Acrobat and Java, as well as through an injected iframe script. When browsing the web, users should take care when viewing pages that may carry exploit code.

The malware delivered by this attack, known as Citadel, is downloaded onto the victim’s computer. “Citadel is the name of a whole malware family that belongs to the categories of “bots”. Once a system is infected with Citadel the attacker (usually referred to as “bot herder”) is able to take full control over the victim’s computer.”

Chinese Military Attacks On USA

A Chinese building used by the military is at the root of computer attacks made on United States companies. The security company Mandiant was hired to trace the attacks being made on several U.S. firms. The tracking led to the Chinese military unit within the 2nd Bureau of the People’s Liberation Army General Staff Department’s 3rd Department, going by the designation “Unit 61398.”

The White House said, “We have repeatedly raised our concerns at highest levels about cyber-theft with senior Chinese officials, including the military, and we will continue to do so. It’s an important challenge, one the president has been working on and urging Congress to work on for quite some time. The United States and China are among the world’s largest cyber-actors, so it’s critical.”

Facebook Hacked

Facebook was hacked last month; however, they did not notify users for a month. Why?

Here is what Facebook says:
Facebook, like every significant internet service, is frequently targeted by those who want to disrupt or access our data and infrastructure. As such, we invest heavily in preventing, detecting, and responding to threats that target our infrastructure, and we never stop working to protect the people who use our service. The vast majority of the time, we are successful in preventing harm before it happens, and our security team works to quickly and effectively investigate and stop abuse.

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

We have found no evidence that Facebook user data was compromised.

As part of our ongoing investigation, we are working continuously and closely with our own internal engineering teams, with security teams at other companies, and with law enforcement authorities to learn everything we can about the attack, and how to prevent similar incidents in the future.

Facebook Security has a team dedicated to tracking threats and monitoring our infrastructure for attacks at all times. In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops.

After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.

Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.

There are a few important points that people on Facebook should understand about this attack:

- Foremost, we have found no evidence that Facebook user data was compromised.

- We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.

We encourage people to submit any security vulnerabilities that attack our services to our Bug Bounty Program.
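Facebook's statement describes the detection path: a suspicious domain flagged in corporate DNS logs, traced back to one employee laptop, then a company-wide search for every other machine that touched the same indicator. The script below is an added example (not Facebook's code) that works that path on constructed BIND-style resolver log lines; the watchlisted domain `cdn.update-check.example` is a placeholder, not an indicator from the incident.

```python
"""Constructed walk-through of the detection above: flag watchlisted domains
in resolver query logs, trace the first hit to the client laptop that made it,
then sweep the whole log for every other client that queried the same domain."""
import re
from collections import defaultdict

# BIND-style query log lines, constructed for this example (not real traffic).
QUERY_LOG = """\
14-Feb-2013 09:12:01.103 client 10.1.4.22#53211: query: www.example-corp.internal IN A + (10.1.0.5)
14-Feb-2013 09:12:07.410 client 10.1.4.22#53220: query: cdn.update-check.example IN A + (10.1.0.5)
14-Feb-2013 09:13:15.002 client 10.1.2.3#41002: query: mail.example-corp.internal IN MX + (10.1.0.5)
14-Feb-2013 09:41:52.771 client 10.1.7.9#60515: query: api.cdn.update-check.example IN A + (10.1.0.5)
14-Feb-2013 10:02:09.918 client 10.1.4.22#53301: query: cdn.update-check.example IN A + (10.1.0.5)
""".splitlines()
# Placeholder indicator; a real watchlist comes from threat intel or IR findings.
WATCHLIST = {"cdn.update-check.example"}
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: "
                     r"query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def parse_query_log(lines):
    """Yield (timestamp, client_ip, qname) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["client"], m["qname"].rstrip(".").lower()

def watchlist_match(qname, watchlist):
    """Return the watchlisted domain that qname equals or sits under, else None."""
    for d in watchlist:
        if qname == d or qname.endswith("." + d):
            return d
    return None

def first_hits(lines, watchlist):
    """Earliest (timestamp, client) per watchlisted domain: the laptop to examine first."""
    hits = {}
    for ts, client, qname in parse_query_log(lines):
        d = watchlist_match(qname, watchlist)
        if d:
            hits.setdefault(d, (ts, client))   # log is in time order
    return hits

def pivot(lines, domain):
    """Company-wide sweep: every client that queried domain or a subdomain, with counts."""
    clients = defaultdict(int)
    for _, client, qname in parse_query_log(lines):
        if watchlist_match(qname, {domain}):
            clients[client] += 1
    return dict(clients)
```

The subdomain check requires a dot boundary, so a look-alike such as `evil-cdn.update-check.example` is not matched by mistake.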

Twitter Hacked

Twitter announced its systems had been hacked and 250,000 users’ personal information had been compromised. Turn off your Java!

“Earlier this week, hackers gained access to Twitter’s internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company’s official blog, Twitter’s manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security’s advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter’s report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times.”

Create an Anonymous Email Address

To secure your data and reduce spam sent to your business and private email accounts, get a dedicated address for internet postings. Never use your business email address for guestbook entries, votes, or questions and answers in forums and surveys. It’s good to be reachable in these situations, but best to be anonymous.

Instagram Privacy Policy

Outrage over the new Instagram privacy policy has seen usage drop from 40 million to 17 million in one month. Users took offense to Instagram using photos in advertising without the consent of the photographer.

The adjustments to the privacy policy will still allow Instagram to share information with its parent company Facebook. “Our updated privacy policy helps Instagram function more easily as part of Facebook by being able to share info between the two groups.”

Tech Support Scam

The IC3 continues to receive complaints reporting telephone calls from individuals claiming to be with Tech Support from a well-known software company. The callers have very strong accents and use common names such as “Adam” or “Bill.” Callers report the user’s computer is sending error messages, and a virus has been detected. In order to gain access to the user’s computer, the caller claims that only their company can resolve the issue.

The caller convinces the user to grant them the authority to run a program to scan their operating system. Users witness the caller going through their files as the caller claims they are showing how the virus has infected their computer.

Users are told the virus can be removed for a fee and are asked for their credit card details. Those who give the caller remote access to their computers, whether or not they paid for the virus to be removed, report difficulties with their computer afterwards: either the computer would not turn on or certain programs/files were inaccessible.

Some report taking their computers to local technicians for repair and the technicians confirmed software had been installed. However, no other details were provided.

In a new twist to this scam, it was reported that a user’s computer screen turned blue, and eventually black, prior to receiving the call from Tech Support offering to fix their computer. At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems.

Beware Of Ransomware

A new extortion technique is being deployed by cyber-criminals using the Citadel malware platform to deliver Reveton ransomware. The latest version of the ransomware uses the name of the Internet Crime Complaint Center to frighten victims into sending money to the perpetrators. In addition to instilling a fear of prosecution, this version of the malware also claims that the user’s computer activity is being recorded using audio, video, and other devices.

As described in prior alerts on this malware, it lures the victim to a drive-by download website, at which time the ransomware is installed on the user’s computer. Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The message further declares that a law enforcement agency has determined that a computer using the victim’s IP address has accessed child pornography and other illegal content.

To unlock the computer, the user is instructed to pay a fine using prepaid money card services. The geographic location of the user’s PC determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. Below is a screenshot of the new variation.

Reveton warning screen

This is not a legitimate communication from the IC3, but rather an attempt to extort money from the victim. If you have received this or something similar, do not follow the payment instructions.

It is suggested that you:

  • File a complaint at www.IC3.gov.
  • Keep operating systems and legitimate antivirus and antispyware software updated.
  • Contact a reputable computer expert to assist with removing the malware.

Sandy Hook Fundraising Scam

David B. Fein, United States Attorney for the District of Connecticut, and Kimberly K. Mertz, Special Agent in Charge of the New Haven Division of the Federal Bureau of Investigation, announced that NOUEL ALBA, 37, of the Bronx, New York, was arrested today on a federal criminal complaint charging her with lying to FBI agents in connection with their investigation into a fraudulent fundraising scheme related to the Newtown school shooting tragedy.

The complaint alleges that ALBA used her Facebook account, telephone calls, and text messages to falsely claim to be a relative of a shooting victim and solicited money from donor-victims who wanted to donate, claiming the money was for the child’s “funeral fund.” At ALBA’s instruction, donor-victims sent money to a PayPal account controlled and accessed by ALBA. When contacted by FBI special agents investigating fundraising and charity scams related to the Newtown tragedy, ALBA falsely stated that she did not post information related to Newtown on her Facebook account, solicit donations, or recently access her PayPal account. ALBA also falsely claimed to have immediately refunded any donations that she received.

“This arrest should serve as a warning to anyone who attempts to profit from this tragedy by contriving fraudulent schemes that exploit the many victims, their families and individuals who sincerely want to help,” stated U.S. Attorney Fein. “Investigators continue to monitor the Internet to uncover other fundraising scams arising from this tragedy, and the individuals operating them face federal or state prosecution to the fullest extent permitted by law.”

“It is unconscionable to think that the families of the victims in Newtown and a sympathetic community looking to provide them some sort of financial support and comfort have become the targets of criminals,” stated FBI Special Agent in Charge Mertz. “Today’s arrest is a stern message that the FBI will investigate and bring to justice those who perpetrate Internet fundraising scams, especially those scams that exploit the most vulnerable in their time of shared sorrow.”

Following her arrest, ALBA appeared before United States Magistrate Thomas P. Smith in Hartford and was released on a $50,000 bond.

If convicted of making false statements to federal agents, ALBA faces a maximum term of imprisonment of five years and a fine of up to $250,000.

U.S. Attorney Fein stressed that a complaint is not evidence of guilt. Charges are only allegations, and each defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt.

Individuals with knowledge of Newtown-related fundraising schemes are encouraged to contact the FBI in Connecticut at 203-777-6311.

U.S. Attorney Fein noted that potential federal charges associated with fraudulent fundraising and charity schemes include wire fraud (18 USC 1343, 20-year maximum prison term), access device fraud (18 USC 1029, 10-year maximum prison term), and interstate transportation of stolen property (18 USC 2314, 10-year maximum prison term).

This case is being investigated by the Federal Bureau of Investigation. The case is being prosecuted by Assistant United States Attorney Jonathan Francis.

Facebook Phishing

There is a Facebook phishing scam circulating via email. The email looks as shown below; however, the link doesn’t really take you to Facebook.

Example:
From: “Facebook.Team” F28991E87@borgesglass.com
To: myemail@domain.com
Subject: Account activation
Date: Wed, 19 Dec 2012 02:04:41 -1200
List-Unsubscribe: mailto:1B337AA6C3EE4D64226F@shabri.org

Hi id,
Your account has been blocked due to suspicious activity.
To re-activate account, please follow this link:

http://www.facebook.com/confirmemail.php?e=myemail@domain.com&c=4448890

You may be asked to enter this confirmation code: 4448890
The Facebook Team
Didn’t sign up for Facebook? Please let us know.

Actual hidden link that takes you to the hostile website:

http://sitedating2013.info/link.php?user=myemail@domain.com&id=95F0BBA2A5B&key=313CA548B6D9
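The message above carries two tells a mail filter can check mechanically: the link text shows a facebook.com URL while the real href points to a different host, and the From: address is on a domain unrelated to the brand it claims. The script below is an added example (not the page's own) that parses a message constructed to mirror the one above and reports both; the HTML body is constructed, since the page shows only the rendered text.

```python
"""Check an e-mail for two phishing tells: a link whose displayed text names one
host while its href points elsewhere, and a From: domain outside the claimed brand."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse
# Constructed sample modelled on the phishing message above (not a real capture).
RAW = """\
From: "Facebook.Team" <F28991E87@borgesglass.com>
To: myemail@domain.com
Subject: Account activation
Content-Type: text/html; charset=utf-8

<p>Your account has been blocked due to suspicious activity.</p>
<p>To re-activate account, please follow this link:<br>
<a href="http://sitedating2013.info/link.php?user=myemail@domain.com&amp;id=95F0BBA2A5B&amp;key=313CA548B6D9">http://www.facebook.com/confirmemail.php?e=myemail@domain.com&amp;c=4448890</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url).hostname or "").lower()

def mismatched_links(html):
    """Links whose displayed text is itself a URL on a different host than the href."""
    p = LinkCollector()
    p.feed(html)
    p.close()
    return [(shown, href) for href, shown in p.links if host(shown) and host(shown) != host(href)]

def analyze(raw, brand_domain):
    """Return sender domain, whether it is outside brand_domain, and mismatched links."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower()
    body = msg.get_body(preferencelist=("html",)).get_content()
    return {"sender_domain": sender,
            "sender_mismatch": not (sender == brand_domain or sender.endswith("." + brand_domain)),
            "mismatched_links": mismatched_links(body)}
```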