Who's No.1 For Hacking?

If you enjoyed the late Tom Clancy's techo-thriller Threat Vector, you may be thinking that China is the world's worst nation for internet hacking. Think again.
China has a reputation as the hacker capital of the world, but a new report shows the bulk of global cyber-attack activity has recently come from its smaller neighbour, Indonesia.
38% of the world's cyber attacks originated in Indonesia during the second quarter of 2013, up from 21% in the first quarter. This spike knocked China off the hacking pedestal, with Big Red accounting for 33% of attacks, down from 34%. The amount of hacking originating in US (although at No.3), is a piddly 6.9% of cyber-attack traffic, a decrease from 8.3%. Indonesia and China alone accounted for more than half of all global cyber-attack activity during the quarter!
While it may seem like Indonesia came out of nowhere to take the lead (last year it accounted for less than 1% of cyber crimes), hackers may be taking advantage of its increase in connection and weakening IT structure. The country's average internet connection speed increased 125% from the same time last year. That, coupled with the fact the country isn't spending lots on its infrastructure, may make the country a haven for cybercriminals.
Last Jan., hacker group Anonymous Indonesia claimed responsibility for defacing 12 government websites. In April, the country's defence minister announced it was building a Cyber Defence Centre to combat hackers. Microsoft also felt the supposed wrath of Indonesian criminals (among others) when it put the lid on a cyber-crime operation in June.
One thing to keep in mind: the IP address assigned to a particular country may not be the nation where the attacker resides. So someone from China with an IP address associated with them, may actually be committing cyber attacks in, say, France, while sitting anonymously in Turkey...!

The Demise of DoktorBass

Over the past months, there have been quite a few hack-attacks from someone using the handle DoktorBass.
Some of his attacks have stirred up fuss, the most recent I blogged on Wednesday - a strike last weekend at some Faroe Islands sites.
Following those attacks, DoktorBass disabled his Facebook page, which was a main outlet for the attacks, and released this statement explaining why he's "leaving the anonymous scene" (it also indicates a few things about himself!):
"Well, I give up. Honest to God, this is the end of my hacking / anonymous days. I just can't take it anymore.
I fight for what i believe should be done, and there are other "anonymous" people saying that i shouldn't. They say that Anonymous doesn't give two shits about whaling. Well I do. I am Anonymous and i am against whaling, does that mean i shouldn't fight to stop it? Well if you were one of the people that said i shouldn't be wasting my time with whaling, i do not call you Anonymous. I call you stupid and ignorant. Never tell someone they can't fight for their beliefs.
To the Faroe Islands residents, i am sorry if you got caught up in all this. I am still opposed to whaling, but i would like to apologize for what i've done to your small yet traditional community. (A lot of you also requested a written apology, well here you go.) I hope that you all get back into your daily routine, and that you, in time, stop whaling. You won't i know, but it feels better to hope for an end of it. I am sorry for all the trouble i have caused, and pray for your forgiveness. Same with all those other Scandinavian people who were offended by what i did.
If you were compromised during this event, i am deeply sorry for it. If your website was hacked, i hope you also plan to patch the SQL injectable holes in your websites, so no one else gives you any trouble. I have deleted the leaked data, the dox will remain because it is not my work, and it is entirely legal.
To the Prime minister of the Faroe Islands, if you ever see this, i apologize in general to your nation, i am aware whaling is legal in your country. To the people who wasted hours of their lives arguing with me, i hope you're happy and proud, because you won.
From here i will go back to the old days when i used to enjoy programming. But believe me when i say i hacked for more reasons than activism. To me hacking was an anti-depressant, and was addictive at times. I do it at school, at home, whenever i have the opportunity i am picking out SQL injectable targets and exploiting them, but i'm stopping as of tonight. It's hazardous to my health anyway i suppose.
To any police/security agencies watching me, i apologize for my actions and all the damage they have done.
To the other people working with me on #OpHarpoon, i'm sorry for abandoning you like this. At least i got you all the media attention you needed, but you will have to find yourselves another willing hacker. Also to everyone that didn't know, I AM NOT LEADING #OpHarpoon. I am merely the hacker in all this, i didn't choose the Faroe Islands as a target, i didn't choose whalers as a target, i did what i was supposed to do: get all the media i could. And i succeeded with the leak reaching the top-trended paste in one day with 12,000 views. It's gone now though, so no point looking it up.
To all the people i have befriended over my 8 month's with Anonymous, i'm sorry for doing this, and i'm aware of my usefulness, but it has to be done. I can't continue this anymore.
To everyone else i hacked throughout my 8 month spree, i am sorry for my actions, and hope you will forgive me.

I just want to continue living my life the way i used to: carefree. I don't want any of this trailing me and taunting me for the rest of my life. I am deeply sorry for my actions. I pray you just forgive me, then forget me.
Sincerely,
DoktorBass

There're indications that this teenage schoolboy had depression, no social life, and used on-line vandalism as a release. He may been in over his head as, just a few days prior, he posted this apology on his site, regarding something else he'd created:
"Right. I've made a mistake obviously. I feel very guilty now about dumping that site, i shouldn't have done it. It was a site promoting women's rights in Africa for fuck's sake. I'm meant to be supporting that. I'm not sure what i was thinking but i can truthfully say im a fuckwit. Young and stupid. I'm righting (sic) them a formal apology."

At this stage, his #OpHarpoon document containing multiple targets remains up, but his list of other sites he's proudly hit is now missing many of those I cited last Wednesday!
"It's hazardous to my health anyway i suppose" - as I warned, I suspect the Men In Black dropped by for a little chat...

DoktorBass: The Right Medicine?

Concerted effort, or lone vigilante?
Last weekend, a number of Faroe Islands websites, Facebook, Twitter and email accounts came under attack from an anonymous source, seemingly based in Australia. The originator of these hacks calls himself DoktorBass.
Last Saturday on a publically-accessible site, he posted an extensive list of around 200 e-addresses under the title #OpHarpoon: 'an operation to attempt to try and stop whaling.' (As you know, the Faroe Islanders regularly herd entire pods of pilot whales into shallow bays, and kill them in traditional and brutal fashion.) The site was arranged so that others of a similar motivation could download his material and escalate the hacking. It carried the warning: "To those who support killing whales we only have one thing to say, expect us".
This is not the first e-assault by DoktorBass - he originated eight in July alone, with his targets widespread in location and subject. His pastebin features titles such as Gold Coast Dating site; #OpFuckUganda; luxuryhomesAustralia.com.au; #OpPedoChat; Paraguayan websites, lawyers and attorneys...and even the FBI! While these have gained little support (in terms of copying/pasting), the latest Faroes attack has - at time of writing - had more than 11,500 hits...and thus I assume a flow-on effect at the Faroe Islands receiving end.
I wholeheartedly support the recent viral attacks on Iranian govt computers (it seems a better safer option to disrupt it's nuclear programme virally, rather than by military attack!). DoktorBass's assault however looks highly unlikely to disrupt the FI economy or cripple its govt. It may prove nothing more than an inconvenience, and achieve little.
Mind you, hacking the FBI may have quite a different result..!

Better Than A Nuke

Thousands of Iranian govt computers have been hit by a highly sophisticated virus.
Wall Street Journal says Flame was widespread through the Middle East and other parts of the world, but Iran was affected the most. It's at least the third time since 2010 Iran's been hit by hi-tech viruses (such as Stuxnet, Duqu and Wiper), disabling enrichment centrifuges, stealing data from nuke facilities and erasing oil ministry computers.
Experts at computer security firm Kaspersky say the aim of Flame was espionage, not damage or interruption. Flame was still active last Monday, but after Kaspersky went public, it immediately started shutting down to hide its source. By Tuesday, it was inactive.
Kaspersky said at least 20 specialists were needed to create/maintain Flame, suggesting it was sponsored by a nation-state: it wasn't economically feasible for a private corporation to run such a large-scale international cyberattack.
Flame is the biggest and most high-functioning cyberweapon ever discovered, 20X larger than Stuxnet and with 100X more code than a basic virus. Experts believe it fed back info to a central control network that constantly changed location. Analysts found servers around the world, but hadn't located the main server.
Iran said on Tuesday it was a victim of cyberwarfare by Israel and the US. The White House declined to comment. Israel neither confirmed nor denied, but an Iranian news site claims otherwise...
It's like a plot from a techno-spy thriller! Still, disrupting Iran's uranium enrichment programme by cyber-attack has gotta be better than Israel's option of choice, a pre-emptive military strike.

PS: 01 June 2012 - NY Times says US and Israel were responsible for Stuxnet virus in 2010.

How Long’s A Piece Of String?

Last night I tried to access my email, but encountered a phishing attempt (my provider resolved it quickly).
There’re growing incidents of hacking – some personal, some international (such as hacking of multi-nationals, banks, military and government sites).
Alan Dupont, director of the Centre for International Security Studies at Sydney University and former intelligence analyst: "Cyber security is at the top of the (Australian) national security agenda. It's become the fifth domain of warfare - land, sea, air, space and now cyber."
Last week, Oz and USA formally gave cyber attacks the same gravity as military attack for the purposes of the ANZUS defence treaty. They announced that "in the event of a cyber attack that threatens the territorial integrity, political independence or security of either of our nations, Australia and the United States would consult together and determine appropriate options to address the threat".
It's the first time any country’s written cyber attacks into a defence treaty, and it's a strong message that hackers could potentially start conflict in ways they hadn't expected. But what constitutes such an attack? That hasn't been defined yet.
Well, if a hacker steals military secrets, is that grounds for invoking the treaty? Because that's already happened many times...
What if a country suddenly diverts 15% of all global internet routes through its servers, including those for the US Senate and military, for 18 minutes? Because China Telecom did that (April 2010)...
What if a cyber attack shuts down a country's electricity grid, or its financial system? Hello, Tom Clancy...is that provocative enough?
An official said: "The issue will be one where 'you’ll know it when you see it'." How long is a piece of string...?
Hackers don’t care about repercussions – it’s all about the game or the gain - so the onus is on their host countries to tighten their own cyber security. But what if that country benefits from any information received...? 
PS: 27 Sept.2011 - NZ's new National Cyber Security Centre opens.

Stalking? Or Just Caring?

Launched this week in NZ - a homegrown product that lets parents monitor their childrens' mobile phones.
Sally Rae and Steve Herstell have launched MyFone, which allows parents to see all activity on their kids' phones, via a protected website. Yeup, all numbers in and out, and all texts too!
They say it's designed to help parents save their kids from becoming victims of bullying, sexting and grooming. But NZ Council of Civil Liberties spokesman Batch Hales calls it worrying: "A lot of parents are very controlling, and I can imagine they'll really control their kids by listening in to their conversations." Ms Rae says she knows this is going to be controversial "but what's more important - our children's civil rights, or their safety and protection?"
To me it's a no-brainer: safety first. That is part of a parent's job description. If you talk to your kids about why you're doing this, there shouldn't be a problem...unless they're doing things that they don't want their parents to know about. And if parents are that concerned, then taking away kids' cell phones certainly decreases the opportunities to misbehave. I may sound, like, old-fashioned but, like, many kids today, y'know, have forgotten how to talk like face-to-face...? Gay. Totally. Bogus. What??!!
Mind you, these products are not new. There's one in USA called Trustbust which secretly takes photos of anyone snooping through your phone... although setting a trap like that almost feels like it would be a false admission of guilt. Another to be wary of is FlexiSpy which captures call logs, text messages and mobile Internet activity, among other things. Some security firms have labeled it a malicious Trojan program which may be able to ring up phone charges to your cell. A Pro version also lets the user call a target cell phone and listen in on what's going on in the background.
The danger is that parents using these sorts of programs, with the best of thoughts, unintentially become the phone-stalkers they've warned their children about!

Trojan Hoarse!!!

My apologies to regular readers of my blog, for my lack of posts over the last few days. This is not from lack of inspiration or subject material - in fact, there're plenty of items worthy of comment.
However my computer has been hit by a Trojan Win32, and I'm having great difficulty in getting rid of it. I've been screaming in frustration, til I'm hoarse!!! Why any bastard out there wishes to create these damaging viruses and trojans escapes me!
And coupled with that, I've discovered a faulty bearing in the CPU fan which requires minor surgery.
So bear with me and please keep checking in now and then - I value your following and WILL be up and running soon...

DANGER! DANGER, Will Robinson! #4: Pornos, Beware!

A new computer virus is using global embarrassment for extortion.
The Kenzero trojan virus originated in Japan and targets users of the Winni file-sharing service. It looks like a standard game installer: when customers use Winni to download illegal adult animated "hentai" games, their PCs are infected with Kenzero, which copies their browsing history and posts it online, for all to see. Anyone downloading these games, which feature extremely graphic sex acts, probably doesn't want his browsing track record shown to the world!
After infection and publication, the victim is then held for ransom by a fake organization calling itself the ICPP Copyright Foundation, which demands a small (US$16) payment to "settle your violation of copyright law." A similar virus hitting European users demands much higher fees (US$400), which is termed a "pre-trial settlement." Then the outfit on-sells your credit card details.
This is technically no different from other viruses: anti-malware and anti-virus software should clear it up. As for any browsing histories published on the net, users might just have to live with it: call it an embarrassing lesson learned!
[...see also my post of 2 April 2010, regarding hentai rape games...]

DANGER! DANGER, Will Robinson! #3 - the Chinese Scourge

Recently I picked up a little social disease: an ad that kept popping up on my computer. It was from a Chinese source: aiqianming.cn.
It appeared every 20min., knocking whatever I was working on down to the taskbar: it wouldn't damage or destroy anything, but it became very annoying!
If this appears on your computer, here's one simple solution: a friend suggested logging onto 'TREND Micro', which offers a selection of free remedies for various computer ailments such as adware, spyware, malware, pop-ups, bots...worth a try! Worked for me...

DANGER! DANGER, Will Robinson! #2

The death of '80s heart-throb Patrick Swayze has inspired an outpouring of on-line tributes from fans...while a darker side of the web tries to cash in.
Hackers are renowned for jumping on the search bandwagon and targeting popular search terms, to sell fake anti-virus software and to infect your computer with malware. Just as these maggots exploited the deaths of Michael Jackson and Farah Fawcett to lead people to virus-laced websites, so Swayze’s death has led to similar tactics.
Cyber-criminals use search engine optimisation (SEO) techniques to get these websites ranked high in search engines like Google. When you visit these legitimate-looking sites you're advised your computer needs anti-virus scans. When these scans are completed, you're told your computer has been infected with Trojans, and surprise! surprise! They then offer to sell you fake anti-virus software to remove them. Many of the sites also implant viruses designed to steal such things as passwords and credit-card numbers. BEWARE!
This is the same technique that I warned about back in July 2009...ask yourself: do you really need to pour your emotions out on a fan website?

DANGER! DANGER, Will Robinson!

I'm posting this, with a sense of relief... knowing that my computer is "clean" again (hopefully)! But only an hour ago, a message leapt up onto my screen, screaming that I'd been infected by Trojan.Win32.Agent.azsy. The warning message was from Personal Antivirus and looked just like the warning pages from many of the anti-virus systems available.
BEWARE!! Personal Antivirus IS the virus!
It's an infection from Russia, urging you to download their product to remove the trojan...and by doing that, you give Personal Antivirus access to God knows what! Also while you're contemplating the end of your computer as you know it, another warning will raise the pressure level, warning of infection by W32.Ackantta.B@mm which is supposedly a worm from Malaysia. Nope, it's the same Russian crap again!
Not wanting to purchase a remedy on-line (thus giving the virus my credit card details!), I was able to remove Personal Antivirus by downloading SUPERAntiSpyware Free Edition. So far, so good...