Sunday, May 31, 2015

I'd never hire someone who could enter my machines

Alejandro Ramos, IT Security Manager at ING DIRECT Spain.


Alejandro Ramos, 35, is a benchmark in INFOSEC in Spain. Editor at Security By Default, one of the community's flagship blogs; godfather of RootedCON; co-author of the successful book "Epic Hacker"... Easy to say when you have a 6-year-old son and a job, security manager at ING DIRECT, which does not seem easy either.

Self-declared geek, Álex is a hacker, plain and simple, and really smart too. His best skill according to LinkedIn is "penetration testing"; we're talking about an expert who has spent 15 years in the business and a few on the dark side, in the 90's, when he was still studying at that sort of college called IRC-Hispano. He still keeps some good friends from that time, when a hacking group was, as he says, "putting ideas in common."


Friday, May 29, 2015

We are cannon fodder for the cybercrime industry

It's painful to say, but true. Currently, the crime industry is using us to spread its campaigns. Either way, the point is that either you or a server might be part of one or more botnets, serving as attack vectors against the rest of the user community.



As an example: at CIGTR we have occasionally recommended using VPN networks to improve the safety of our communications. One of the most popular free services, Hola VPN, has a premium version which apparently is being used by cybercriminals to hire some bandwidth from our devices and perform DDoS attacks, which in this case have affected 8chan, one of the busiest forums on the Internet.


Thursday, May 28, 2015

You can crash an iPhone sending this text

Tonight a bunch of teenagers and not so teenagers have had fun crashing their friends' iPhones in the simplest way: sending a string of some Arabic characters by SMS, iMessage, WhatsApp or Telegram. We will talk about it and also about why it's best not to rely on SourceForge, what the new virus which attacks routers does and what is happening with website blocking in the UK. Let's get started.



This bug was unveiled last night on the Reddit forums; it appears for the second time and affects Apple's iOS operating system, specifically iPhone and iPad devices. It causes the application to crash if the "evil" message is received in a conversation, or even reboots the device if it is received when it is locked.


Wednesday, May 27, 2015

The war against Hackers

The American hacker community is seriously disturbed these days, because their government wants to restrict the use of cyber weapons: viruses, exploits and monitoring programs. It's called "The war against hackers". We will discuss it, and also a new data breach, this time of data stolen from the tax collection service in the United States; a new virus which attacks routers; and a veteran security convention, starting tomorrow: Hack In The Box.


The young Reuben Paul arrived in Amsterdam yesterday
It all started last year with the Wassenaar Agreement, which limits weapon proliferation among signatory countries and which introduced the concept of "cyber weapon" on its list. Now the United States is working on applying the Wassenaar resolutions to its laws, so US citizens have two months to submit comments. The tension has gone further than ever seen before, pitting INFOSEC researchers against the Electronic Frontier Foundation. The Errata Security blog has done a very comprehensive summary of all this mess which, if it doesn't stop in the United States, is probably coming soon to Europe.


Tuesday, May 26, 2015

What would you hire a hacker for?

The hacker community has never seen it as a good idea. And they were right: the Hacker's List service, which offers the possibility of hiring "hackers", had a security breach which revealed the real names of those who offered their services and those who requested them, as well as what they had ordered. A new leak of super sensitive online data, for the umpteenth time... We'll also discuss Spanish companies' lack of interest in INFOSEC issues and a sheriff who exceeded his functions.



The Hacker's List service was launched in February and then began to grow exponentially until it drew the attention of a researcher, who created a search robot to analyze what kind of services were requested, including spying on a partner's WhatsApp, closing someone's Instagram account or stealing an exam from the teacher's computer... but much more was discovered: it was possible to learn the names and other data of the "hackers" and of those who hired them, and for what purpose.


Monday, May 25, 2015

The Saudi government does not spend money on cybersecurity

Or so it seems: the Cyber Army of Yemen has leaked a file of nearly a hundred gigabytes containing hundreds of stolen files from the Saudi government, mostly emails but also images, presentations and other documents. Good way to start a Monday! We'll also talk today about dangerous apps for Minecraft addicts, how easy it is to spy on us when we carry technology with us, and an increasingly popular new phenomenon: CryptoParties.


The leaked information comes from the assault on more than 3,000 computers and thousands of users of the Ministries of Foreign Affairs and Defence of the Saudi government. For the avoidance of doubt about this achievement, the Cyber Army of Yemen has published two images on the employees' computers, as well as on the website, explaining what they had done.


Sunday, May 24, 2015

"In cyber fight, the strongest does not win"

Interview with Manel Medina, organizer of the Symposium on Electronic Crime Research, Barcelona, May 25th to 29th, and co-author of the book "Cibercrimen" (cybercrime).


Manel Medina is a quiet man who does not imagine himself raising his voice. A lifelong professor, with his eternal bow tie, he is a sort of Indiana Jones of computer security. In 1994 he created the first Spanish Computer Emergency Response Team (CERT), at the Polytechnic University of Catalonia (UPC), and became immersed in cybersecurity when no one else was around the subject.


With age comes wisdom, and thanks to his seniority Medina has very clear and personal ideas about this world, which he watches with an eagle eye. He is scientific coordinator of the Anti-Phishing Working Group (APWG) in Europe, has founded pioneering enterprises such as Safelayer, dedicated to digital certification, and in recent years has worked for the European Security Agency (ENISA), from the beautiful island of Crete. We do not have enough room to review his curriculum, so we had better talk to him.


Friday, May 22, 2015

Sexual data of about four million users leaked

Since mid-April, sensitive personal data, including sexual preferences, of almost four million users of the Adult FriendFinder website has been appearing. At CIGTR we are already considering instituting a Data Leak Day, each more epic than the last. We also talk about a flaw which affects millions of Android phones, the computer error that yesterday caused thousands of Catalans to arrive late to work, and the X1RedMasSegura conference, which started today.



Someone commented on Twitter: "Look how well: due to the Adult FriendFinder site's tiny security, criminals have 4 million people classified according to their sexual preferences, to make blackmail, phishing and whatever they want." The thief would be a Thai called ROR [RG] who says the site owner owes money to a friend of his, which is why he blackmailed Adult FriendFinder in exchange for not making more data public.


Thursday, May 21, 2015

Take care with the Postal Service mails

It is hard to remember a plague like "ransomware" in the history of the Internet. Viruses which encrypt our personal files and demand a ransom are affecting thousands of people and small businesses which have never made a "backup". We will talk about this huge problem and also about the latest idea of North American cyber-strategists: treating 0days as weapons.



The ransomware is disguised as an e-mail with the Correos logo, containing a website link that offers to show a letter that could not be delivered. There are malicious advertisements on websites too, and if we have an out-of-date browser they can install viruses on our computer. A researcher called Jada Cyrus has created a kit with instructions and some programs to clean the computer and decrypt the encrypted files. It is all we have against "ransomware" for the moment. Be aware!


Wednesday, May 20, 2015

How a stupid failure can endanger millions of people

Today we have learned of two important security failures that date back to the nineties. The first one is related to NetUSB technology, present in millions of routers, printers and Internet devices. The other one is used for "man in the middle" attacks on private social networks. We also talk about how long it takes companies to detect an attack and a bad joke in a garage in Manchester.


It is curious how a ridiculous failure in a small Taiwanese company can jeopardise millions of routers and other electronic equipment all around the world. NetUSB makes it possible to change the name of your device, so when you connect to your equipment and the name is longer than 64 characters, it fries the client device. A failure common in the 1990s, which has been resolved.


Tuesday, May 19, 2015

Assault on the Federal Reserve of Saint Louis

This is starting to look like the Wild West. Electronic crime is moving from robbing bank customers with banking trojans to robbing the financial institutions directly, without fear. The attack suffered by the Federal Reserve of Saint Louis at the end of April was an intermediate step in this evolution. We wrote about that in an earlier article, as well as about the assault against petrol companies, the security guide for medical devices and the recommendation to attend a congress in Barcelona next week.



The Federal Reserve of Saint Louis, in the United States, was the victim of an extremely easy attack last month, when criminals manipulated its DNS provider's data. In that way they redirected online customers to fake websites, where they obtained personal data and bank access codes. The Federal Reserve has asked customers to change their passwords.


Monday, May 18, 2015

Would you hack a plane you are flying in?

Chris Roberts would. According to the FBI, the INFOSEC consultant has tried to manipulate the computer systems of aircraft in which he traveled at least 20 times, and on one occasion he managed to send commands and move one of the engines. No kidding. Today we will also talk about unsafe car parks, a theft at the Central Bank of Ireland and an interesting magazine.

By Rob Shenk
Chris Roberts rose to fame when the FBI detained him as he got off a plane, after he had published several tweets explaining that he was trying to hack it. It seemed an exaggerated response from the FBI until today, when we learned that Roberts used to play these games on his frequent air travels and, on at least one occasion, had a plane's engine in his hands. Undoubtedly, someone you should check for on the passenger list the next time you fly!


Sunday, May 17, 2015

"Social engineering is the hardest 0-Day"

Marcelo Rivero, founder of InfoSpyware and ForoSpyware.
"In my student days, I was often infecting my devices deliberately".

Managing a community of 850,000 registered users for more than 10 years requires large doses of social engineering. That is a subject well handled by Marcelo Rivero, an expert on malware and, more specifically, on the deceptions developed by bad guys to make you click a link or open a file that will infect your computer. A Uruguayan based in Miami, Rivero is 37 years old and has two children whom he calls his "daily fuel in life".

Today he is an independent security analyst as well as a Microsoft MVP in Consumer Security. Marcelo was guided by devotion to others when he created InfoSpyware (2004), and ForoSpyware some time later, the largest Spanish-language forums offering information, tools and free personalized assistance about malicious code.


Friday, May 15, 2015

Caught red-handed spying on their partners and relatives

Today we woke up to interesting news on private life: someone has leaked onto the Tor network hundreds of gigabytes of data from 400,000 customers of the software company mSpy, whose products are used to spy on kids, partners and friends at home. We also talk today about the assault on the Washington Post's mobile website, the inefficiency of closing pirate websites and a lesson in social engineering.


That's the story of the hunter hunted. Apple IDs, passwords, pictures... Today nobody would want to be in the shoes of mSpy customers. This company's programs make it possible to know the geographical location of the people spied on, access communications applications such as Skype or Snapchat and record everything typed on the victim's cell phone. We could think of many morals, but well, that is up to the imagination of our intelligent readers.


Thursday, May 14, 2015

Waiting for VENOM exploits

Today the INFOSEC expert community talks about nothing else. The VENOM vulnerability, which stands for "Virtual Environment Neglected Operations Manipulation", is on everyone's lips: whether it is exaggerated or not and blah, blah, blah. We will join the discussion about this new bug, which even has its own logo, and we'll also discuss the adoption of the law which puts an end to the NSA, the Chinese group which "works" from the Microsoft website and how Canada has halved its spam.



VENOM is another of those super-bugs which have gone years without anyone noticing, 11 in this case, and it has affected thousands and thousands of virtual machines created with some of the most popular open source platforms; luckily, not all of them. It makes it possible to take control of virtual machines, their hosting server and other machines nearby, for theft of intellectual property, passwords, bitcoins and whatever comes up. Although there are patches, the pace of patching is always uncertain, so the arrival of the first exploits is expected, and as we write these lines they may already be circulating in the underground.


Wednesday, May 13, 2015

Have you paid attention to your router lately?

Botnets which control thousands of unsecured routers are increasingly common, say researchers at Incapsula, a company specialized in protection against Distributed Denial of Service (DDoS) attacks. Today we'll pay attention to this increasingly pressing problem and we'll discuss the dominance of Romania in the governmental INFOSEC world and the debate about whether or not to cover our devices' cameras.

According to Incapsula, in the last four months DDoS attacks have been recorded from more than 40,000 IP addresses belonging to routers provided by 1,600 ISPs to their customers. These are routers which can be remotely managed and whose owners, in most cases, have not even changed the default password. While it's not a new phenomenon, the researchers warn about its galloping rise.


Tuesday, May 12, 2015

Hire me or I will hack you

It's the talk these days in the INFOSEC field in the USA: a former employee accuses the company Tiversa of having broken into and stolen databases from companies which didn't hire its services, and then reported them to the Federal Trade Commission. Today we'll also discuss cyber jihad and some red and blue teams, and we'll welcome Obama's new technology adviser, an old acquaintance of the Internet community.



Richard Wallace is the one who has denounced these mafia-style practices. It is estimated that Tiversa reported a hundred companies to the FTC, an agency which would have heavily fined at least one of them, which had to close. To make it more bizarre, Tiversa's board includes everyone from decorated military officers to the founder of the prestigious Ponemon Institute. It would not be the first time security companies extort clients into hiring their services, but fortunately it is a very, very sporadic issue.


Monday, May 11, 2015

Death to evil hackers

Does anyone deserve capital punishment for their cybercrimes? Perhaps not their physical self, but why not the virtual one? That's what those responsible for Guild Wars 2 thought when they killed a character behind which a saboteur of their online game was hiding. The execution video is shocking and we'll offer it along with other news of the day, such as the increase in mobile insurance fraud or a guide to finding out whether someone is breaking into our home wifi.



The character of the evil hacker was named, of course, DarkSide and belonged to someone who had spent weeks using exploits to gain power in the game. That's how he managed to perform unauthorized actions, such as getting a teleport or resurrecting. After multiple complaints from other players, the creators of Guild Wars, which has sold 4 million copies, decided to expel the user and kill his character publicly by throwing him off a bridge. Brutal.


Sunday, May 10, 2015

What worries me most about myself is that I arouse passions

Interview with Chema Alonso


Charisma is the word when it comes to Chema Alonso, CEO of Eleven Paths, a subsidiary of Telefonica Digital dedicated to cybersecurity, which is celebrating its second birthday. Chema has been in the business for nearly two decades. What could we say about him that has not been said yet? He is the social engineer who knows how to detect the good guys and surround himself with them, and the audience's favorite 'hacker'. After hundreds of lectures, and even photos with fans, he is that rara avis: an expert becoming a superstar.

But... behind this studied 'showman' pose there is someone very, very serious and tenacious. There are few guys in the industry with a PhD (on injection techniques, in his case), which privately he presents as one of his best hacks. Just where the show, the money and the strategies end is where we find this 'kid' from Mostoles, who loved to write, to draw, to program; the teacher he always wanted to be, which is why he can explain cybersecurity in a simple and entertaining way. Come and see.


Friday, May 8, 2015

It is time to put some limits on the NSA

A federal court in New York has ruled illegal the National Security Agency program which has spent years randomly recording American citizens' call metadata. It is crucial news for those in that country trying to put limits on the NSA's voracious appetite. We'll also discuss SAP insecurity, blackmail against companies and new cyber propaganda strategies.



The ban on the NSA's call monitoring program comes just as the United States is about to approve a law which puts some limits on the agency's espionage on citizens. Meanwhile, European governments are right now increasing their monitoring of citizens, as with the law approved just this week in France.


Thursday, May 7, 2015

Thousands of websites endangered by a WordPress failure

It's what happens when programs are used on a massive scale: if there is a failure, it affects millions. In this particular case we're talking about a WordPress "bug", present in multiple plugins and themes. Today is World Password Day and we will offer some tips to deal with them, and we'll also talk about unethical antivirus and something pretty scary: facial recognition software on the streets.


This WordPress failure is serious not only because this software is used in millions of sites, but also because it is located in a generic package and even the "example.html" can be exploited. The good news is that, being a Cross Site Scripting attack, it needs the cooperation of victims, who must be persuaded to click on a malicious link. Something which, as we have said many times, is more than easy for criminals who know how to use social engineering.


Wednesday, May 6, 2015

Welcome to Disclosure Wars

Nobody likes having their flaws pointed out. And if these defects can cost you your reputation or your programmers' working hours to fix them, even less. Disclosure of computer flaws has always been tinged with controversy, but just when it seemed a consensus on responsible disclosure had been reached, the discussion has flared up again. Today it is CryptoLock against IOActive. And others have been in conflict about this same issue for years: Microsoft and Google.



CryptoLock is an electronic locks company located in Oregon. The consulting company IOActive discovered various flaws in its products and warned CryptoLock, following "responsible disclosure" protocols and allowing CryptoLock to fix them. But just the day before the agreed date, a CryptoLock lawyer sent a letter to IOActive threatening to report them for having "cracked" their products.


Tuesday, May 5, 2015

Facebook joins the fight against infecting ads

A few days ago, Google announced some measures to deal via encryption with the plague of ads infecting website visitors. Now Facebook has joined in and will monitor the millions of ads shown on its social network. Both initiatives deserve applause. We will also discuss today a quite destructive virus, how Uber was hacked and new authentication methods beyond passwords.


Ads which infect website visitors have become a real plague. Their victims do not even notice the infection because it is automatic: malicious code examines the victim's browser and, if there is a security hole for which the virus is programmed, uses it to infect the entire computer. Facebook has announced an agreement with a company which will monitor the millions of third-party ads displayed on the network.


Monday, May 4, 2015

The European Central Bank asks banks for INFOSEC guarantees

Banks are the number one target of cybercrime today. And the European Central Bank knows it. That's why it has sent a questionnaire to 123 banks, in order to know their INFOSEC status. How many of them have taken good note? We'll also talk today about how law enforcement is planning to put an end to cybermafias, a Mozilla idea to promote web safety and a fright in mid-air: when an app which guides the pilot suddenly stops working.



INFOSEC has become the number one priority for banking regulators, and this is no trivial matter, considering that bank fraud attempts have doubled in the past five years. Hence the European Central Bank has been interested in assessing, through a questionnaire, how banks protect customer data. The Bank of England has also expressed its concern to the banks it oversees.


Sunday, May 3, 2015

Who helps others, is a hero to me

Interview with Ángel Pablo Avilés, AKA 'Angelucho'
"During the last 24 hours I think nobody has sneaked me a virus, but during the last 20 years..."

His grandparents called him Angelucho, hence his nom de guerre. In the 80's he became a radio amateur, like many hackers, and in the 90's he got his first computer. Ángel Pablo Avilés works in the Telematic Crimes Group of the Spanish Civil Guard, but he devotes every single ounce of energy to his real passion: teaching those who know almost nothing about computer security, i.e. the most fragile users.


He fulfills his mission through his blog and the X1Red+Segura conference, to be held for the third time on 22 and 23 May in Madrid. This annual event was born from a book written in petit comité, aimed at his family so they could enjoy the Internet without scares. In the end, there are 3,000 paper copies, and incalculable downloads, all for free. Few lawmen enjoy the level of respect that the Spanish cybersecurity community professes for him.



How did you get into this?
It was a transition from the world of amateur radio, it was a new hobby that annulled the previous one and that today is part of everything I do.

What's your motivation to keep on?
To know that this can help people.

Do you have a hero?
For me, the heroes must be real, not fictional. Everyone who gives part of his time to help others in any field, and in the best way possible, is a hero to me. Everyone who overcomes barriers with limited abilities, which would be insurmountable for many people, is a hero that in addition is helping the others with his attitude.

What 3 things would you take with you to a Capture The Flag?
Maybe people capable of solving any problem we could face, and especially anyone who teaches me to solve it.

What worries you about cybersecurity?
I want it to reach the end user, children, parents and educators, and the elderly who are gradually being introduced to ICTs inadvertently via smartphones. I want the security of the "cyber" to reach worldwide.

And what do you like about it?
Just this particular case, that someone like Mercè Molist, who widely knows security environments and hacking in Spain, gives a little bit of her time to foster the spirit of X1RedMasSegura.

Have you ever suffered a virus?
During the last 24 hours I think nobody has sneaked me a virus, but during the last 20 years... - damn diskettes.

What is your worst online fault?
I think everyone wants to help others and not just pursue personal gain above all. Although *sometimes* I was wrong.

And your greatest virtue?

I think everyone wants to help others and not just pursue personal gain above all. Although *almost never* I was wrong.

Does any sentence guide your steps, a sentence that you have not turned into a password?
Anyone who has read my blog or has heard me knows it: "On the Internet, we are our most vulnerable, but also our best antivirus".


Thank you very much, Angelucho!
Text: Mercè Molist. Photos: Angelucho.

Friday, May 1, 2015

Cyber D'Artagnan and the three Musketeers

Conferences and exhibitions everywhere... There is no doubt that information security has become a major field of knowledge and business, but often we lack perspective. We take advantage of this 1st of May, a public holiday in most countries of the world, to review three events of recent weeks: RSA Conference (San Francisco), Hacker World Day (Madrid) and SegurInfo (Buenos Aires). All for one and one for all.

Many attendees at the RSA Conference 2014 were stunned by the large number of presentations on open source vulnerabilities. This year (20-24 April), attendees could take a break. Less pressure about hacking and more threat assessment and mitigation, and compliance. Fewer hacking demonstrations, and more on cloud security, business identity management and tools for live-tracking an attack. At least that is what was posted a few days ago in Software Development Times, SDTimes.