Category Archives: Cyber Crime

Windows XP: End of Life

Tuesday 8th April 2014 marked the end of life for Windows XP. The archaic OS, which has been one of the most popular of the Windows operating systems released in the last 13 years, finally reached EOL (end of life) yesterday and was put to eternal rest. The software giant will still release “virus warnings” related to the OS, however no fixes will be offered as part of update packages.

Microsoft will no longer be releasing any Operating System updates after the last batch were rolled out yesterday. Therefore, the highly popular OS will no longer be supported.

Many readers will be thinking, “this makes no difference to me, I upgraded to a newer Windows OS many moons ago”, well hold on there sister, because you may well find yourself caught short by this momentous clocking off of one of the world’s biggest support teams.

Millions of devices still use Windows XP, it’s thought that roughly 25% of all desktops are still running on it. Some of these devices are the backend to important services we use everyday, such as ATMs.

The cessation of further security updates leaves these devices open to security vulnerabilities as hackers develop ways to bypass any remaining security flaws in the OS itself. If such a vulnerability were targeted towards an everyday service like ATMs, the knock on effects would be huge, affecting millions of people across the globe.

ATM machines are just one example, but if something so common as this can be affected it is reasonable to assume that other everyday services will be affected.

XP itself was released in 2001 originally with a 10-year support life. However, after realizing its popularity in 2007 Microsoft decided to extend this support life to accommodate the many users. But, all good things must come to an end, and Windows XP is no different. The extent of its expiry as yet remains to be seen, but it seems only a matter of time before we read the latest story about exploitation of a security flaw. 

LinkedIn Email Addresses Exposed by Plugin

A Google Chrome browser plugin can be used to expose the email addresses of LinkedIn users.

The plugin, called Sell Hack, can be installed on any Chrome browser and when users of it browse LinkedIn profiles, a “hack in” icon appears.

LinkedIn is said to be taking legal action over the plugin and advised users to uninstall. However, the nature of the plugin is such that its users will most likely not heed LinkedIn’s warning until threatened with stronger action.

Sell Hack insists that the the tool was created for marketing professionals and that all data is publicly available. On its website it said: “We just do the heavy lifting and complicated computing to save you time, We aren’t doing anything malicious to LinkedIn.”

LinkedIn however issued Sell Hack with legal documents. A spokesmen said: ”We are doing everything we can to shut Sell Hack down. On 31 March LinkedIn’s legal team delivered Sell Hack a cease-and-desist letter as a result of several violations”.

LinkedIn, as of June 2013 (more recent stats couldn’t be found) had 259 million users, so the potential number of affected users is likely to be huge.

Google Chrome has many plugins and tools that can be downloaded free of charge by users. Whilst most have no malicious intent or use, most plugins are produced by third parties, so the potential for malware to be produced is there.

The full consequences of the plugin are yet to surface, however it is expected that many users will certainly receive nuisance emails as a result of this.

Internet’s time servers secured in “worldwide effort”

The BBC is reporting a “worldwide effort” to strengthen “time servers” (computers that keep the time on the internet) as a way of thwarting hack attacks. It reports that there has been an “explosion” in the last few months of the number of attacks targeting these special servers. The story was first broken by security company Arbor.

Criminals used the time servers (also known as NTP servers) in a series of DDoS attacks. DDoS attacks aim to knock out a targeted network by flooding its servers with huge amounts of data. Roughly 93% of all vulnerable servers are now thought to be secure against this type of attacks.

The inspiration for this tightening in security came from an attack on the online game League of Legends, which was performed by Derp Trolling, who have attacked many other online gaming platforms in a similar manner.

The League of Legends gaming site (and others like it) were attacked by exploiting a weakness in older forms of the software that underpins the network transfer protocol (NTP). This type of attack is called an NTP reflection attack, which uses a spoofed IP address (mimicking the targets IP address) to overload it with responses from multiple NTP servers. This rush of data to the target server, or servers, causes them to crash.

The Network Time Foundation, which helped to coordinate the security measures, estimated that 1.6 million machines were at risk to reflection attacks. Work to reduce this number began early this year.

Despite 93% of servers now being more secure, an estimated 97,000 are thought to be open to abuse. Arbor estimates that it would take 5,000-7,000 NTP servers to mount an overwhelming attack, leaving plenty of room for hackers to manoeuvre.

The “explosion” in the number of attacks in recent months has been caused by copy cat hacking groups using the same methods as Derp Trolling. This has led to a spike in malicious network activity, hence why the internet community has responded with such a wide ranging strategy.

NATO Websites Suffer Downtime after Cyber Attack

Several public NATO websites suffered downtime after being successfully targeted in a cyber-attack which has been traced back to the Ukraine.

A group who go by the name ‘Cyber Berkut’ stated that they were behind the attack as they aren’t happy with NATO’s interference in Ukrainian affairs.

A statement released on their website read, “We, Cyber Berkut, announce that today at 6:00 p.m. we started the cyberattack on NATO resources. We, Cyber Berkut, will not allow the presence NATO occupation on the territory of our homeland, because it opposes NATO intervention in Ukraine.”

The main NATO website was affected along with a cyber-security centre in Estonia which is linked to the alliance. NATO has yet to confirm the source of the attack but have claimed that none of their essential systems had been compromised.

A spokeswoman for the alliance Oana Lungescu stated, “Our experts working to restore normal function. No operational impact … The attack hasn’t affected the integrity of Nato’s systems.”

John Bumgarner who is the chief technology officer at the US Cyber Consequences Unit claims that all of the evidence that has been collected so far, points in the direction of pro-Russian sympathisers being behind the attacks.

Bumgarner stated, “One could equate these cyber attacks against Nato as kicking sand into one’s face.”

Tensions between Russia and the West have intensified ever since Russian forces entered Ukrainian territory in the Crimea region after former Prime Minister Viktor Yanukovych was overthrown.

Ukrainian and Russian websites have both been targets for cyber-attacks in recent weeks but this appears to be the first major attack on a Western website since the crisis began.

S. Korea punishes credit card firms over data breach

Following a massive data leak in January, S. Korean financial regulators will impose strict rules on the sharing of personal information between credit card companies and their partners. The rules are due to come into affect in April, after three major credit card firms were found guilty of the theft of personal information of 20 million customers. The three firms (KB Kookmin, NH Nonghyup & Lotte) have also been suspended from operating for 3 months each as punishment for the breach.

The Financial Supervisory Service (FSS), the regulatory body in S. Korea, is behind the change in the law and the punishment to the three firms. The FSS acted after there was huge anger shown towards the credit card companies from the S. Korean public, with offices and call centres of the firms heavily bombarded with complaints. These complaints came after the FSS had tried to reassure customers that data had not actually been circulated by those responsible.

The theft of data was actually committed by former temporary consultants for the companies, one of which had stolen the data by copying it on to mobile device which could then be taken off site from the firms. This particular theft is alleged to have gone on between 2012 and 2013.

The regulator’s proposals include giving customers a choice over whether their information can be shared to third parties and mandatory deletion of customers’ data after they cancel a particular credit card.

The punishment of suspending business for 3 months is the first of its kind for 10 years, showing the severity of the breach. The FSS also promised that bans of 6 months and punishments for top executives of firms would be enforced in the event of future breaches of this level and nature. Fines of up to 1% of revenue would also be issued if data was stolen, or if stolen data was used to sell products.

In another measure to stop malicious intent going unchecked in future, the financial regulator is pushing to strengthen monitoring of staff at financial companies and their contractors involved in customer data management, and bar financial firms from sharing client data with their affiliates beyond a set limit.

Bitcoin exchange halts withdrawals after cyber-attack

BitStamp, one of the world’s largest and most commonly used Bitcoin exchanges has temporarily halted withdrawals after its exchange system came under attack.

The exchange firm, based in Slovenia, said criminals had used a vulnerability in the underlying Bitcoin software to perform the attacks. The Bitcoin Foundation, who maintain the code on which the software is based, have been trying to find a work around as well as fixes for the issue. They added that as this was a DDoS (distributed denial of service) attack no theft of Bitcoins had taken place, but that funds were “tied up” in the affected exchanges for now.

Bitstamp are now the second big Bitcoin exchange to come under DDoS attack in under a week, with Tokyo’s MtGox being the first last Friday.

A third exchange, BTC-e has also warned that transactions would be delayed due to another DDoS attack.

The cause of the problem stems from a weakness in the Bitcoin code known as transaction malleability. This malleability allows somebody to alter the code of Bitcoin just before a particular transaction is logged. This in turn allows a withdrawal to be made multiple times without the “blockchain” (the database Bitcoin uses to record every transaction carried out) noticing, opening the door to theft of Bitcoins.

The actual DDoS attack, according to Gavin Andersen of the Bitcoin foundation, comes when an exchange firm’s systems can’t cope with vast amounts of these fraudulent transactions. Mr Andersen pointed towards the design of MtGox and Bitstamp’s systems not being up to scratch, adding that the transaction malleability issue had been known about since 2011.

Unfortunately, despite Bitcoin trying to distance themselves from the fallout of this issue, this is more unwanted publicity, after the arrests of Charlie Shrem and Robert Faiella, in the US. Shrem and Faiella worked together to exchange over $1 million in Bitcoins to users of the Silk Road. The Silk Road, which has been shut down since October 2013, was an illegal trading place of illicit materials, such as illegal drugs and weapons. Bitcoin was the only accepted currency on the Silk Road.

Stock prices of Bitcoin fell as a result of this news from $830 to $665, a drop of nearly 20%. Prices also fell after the arrests of Shrem and Faiella, so this latest hiccup is something that Bitcoin could have done without. However, that does not stop the meteoric rise of virtual currencies, in particular Bitcoin, over the last 12 months or so. Less than two years ago, in July 2012, Bitcoin’s value was at just $9, which itself was a revelation at the time.

On this basis, it would be a safe assumption that Bitcoin might not be too worried about this latest incident.

 

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal