Anonymous Takes Down NISD

Anonymous Takes Down NISD Over Student Tracking

Anonymous, the famous “hacktivist” group which is always hogging the limelight for their acts is back once again, this time attacking to protect the rights of the student community. The group has claimed responsibility for attacking and taking down the website of the Northside Independent School District (NISD) which is located in San Antonio over the issue of student tracking. The hackers sent out an email to kens5.com claiming that they took down the NISD website on Saturday and also sent a link to an earlier article about the student tracking project and their message was

“We saw your article … Anonymous (@tr1xxyAnon) are not going to allow this!”

Anonymous Takes Down NISD Over Student Tracking

Anonymous Takes Down NISD Over Student Tracking

The NISD, which came into limelight earlier this year, when they implemented a controversial program to curb the problem of truancy among the students and to secure additional funding from the state by controlling the attendance problem. The project, known as the “Student Locator Project”, requires the students to wear ID badges which have embedded Radio Frequency Identification (RFID) chips in them. So far, the schools which have implemented the project are the John Jay High School and the Anson Jones Middle School which started the program on October 1 this year. However, NISD has planned to expand the project to more than 110 schools in Texas and over 100,000 students to control the problem of student attendance, which is apparently a major issue at the given school district. Supposedly, the district could receive more than 2 million dollars as additional funding from the state if they are able to improve the attendance which is much more than what it would cost to implement the program, which is an estimated 525,000 dollars for the pilot project and an additional 136,000 dollars to keep it running every year. Apparently, the authorities are so stringent in implementing the program that the students who are not wearing their badges are being threatened with disciplinary action like suspensions and fines etc. and recently a student faced such a threat by her Principal at John Jay when she refused to wear the badge citing religious reasons. This is the reason why this move, has been met with multiple protests and outcry by students and parents alike and the reason given by Anonymous for targeting the NISD website which they made clear in a teasing message they sent to the twitter account of NISD which reads something like this :

Anonymous Takes Down NISD

Anonymous Takes Down NISD

This message was sent on Saturday when the Anonymous attacked the website which stayed down for over a day or two. In further response, they mentioned that they are fighting for students rights and seek answers from the officials at NISD.

“They’re tracking students! They have rights too. I want a statement about this, nobody agrees with that, even the parents!” Anonymous said in an e-mail.

The NISD officials on the other hand, have denied reports of their site being under attack.

However, the huge outcry concerning this student tracking problem has raised questions about the limits that the school authorities must observe and that students must not become subjects of technological experiments and if such a program is to be implemented, proper discussion with their parents and experts is very important for student welfare.

About these ads

TripAdvisor travel website infected

TripAdvisor travel website infected with Gamarue malware, infect 2% Indian Internet Users

Cyber criminals are always looking for new ways to perpetrate their crimes and therefore seek new methods or targets to attack and those which are especially vulnerable or those that provide the most benefit financially.  The most recent target of the cyber miscreants seems to be the hotel industry and they have retorted to spamming and malware to exploit this field and carry out their malicious intents.

TripAdvisor travel website infected with Gamarue malware

TripAdvisor travel website infected with Gamarue malware

The most recent incident will prove this straight away as a popular hotel-reviewing site has come under a cyber attack by cyber criminals. TripAdvisor Inc., one of the most popular hotel review site in India, was recently affected by a spam attack according to TrendMicro Inc., a leading Internet security solutions company. The attack came to light when a lot of the users of TripAdvisor received spam emails about the confirmation of hotel bookings of hotels that were explored by the users on the website. According to TrendMicro Inc., more than 1.89% of the users of the site have been affected, which is among the top 5 travel brands in the country with more than 60 million users per month globally and more than 2.4 million users in India alone. The spam email which was sent in the name of one of the hotels and has a thematic design similar to its English counterpart as it contains booking and reservation confirmation details. The attackers made use of a malware known as Gamarue which is commonly disguised in exploitation kits, spam emails or other malware, steals information from users when it becomes activated as users may click on the links or download attachment files.  The scam came to notice when one of the managers of the company received a mail about a hotel booking confirmation as he is a frequent traveler and he had almost fallen for it except that the spammers had used an imaginary hotel address to trap the users as no such hotel exists in India exposing the mail as spam.

A lot of e-commerce websites pay the price of being popular. Online travel and hotel market has become an attractive target for cybercriminals given the large volume of transactions on hotel and online sites. A frequent traveler who has done a hotel booking or checked reviews recently, in all probability, would be prompted to click that mail. When a user clicks the attachment in this spam mail, the malware known as Gamarue becomes active. It can steal from an affected user any information left behind on the emails and saved on user’s system“, said Suchita Vishnoi, Head Corporate Communications, Trend Micro.

This scam has made it clear that cyber criminals are too adept at exploring new avenues of cyber attack and the hotel and travel industry is their latest target given the large number of users and online financial transactions. Well, this means that users must be aware of the potential of cyber attack and be cautious and alert before clicking on suspicious links and responding to such mails etc to prevent any untoward incident.

Samsung printer having secret admin account Backdoor

Secret Admin Backdoor Accounts Found in Samsung Printers

One would think that printers aren’t much of a security risk, but while this was true a decade ago, it is no longer the case. Samsung’s printer line is more or less clearly showing it.

There is a lot of software involved in the operation of today’s printers, especially in regard to network connectivity.

Whereas once they needed to get every bit of information straight from the PC through a dedicated cable, printers have their own software now and can perform certain things on their own, especially when they have extra functions like scanning and photocopying.

Samsung printer having secret admin account Backdoor

This is why hackers have taken an interest in them, and why security companies have been making sure to check all new models for vulnerabilities.

The United States Computer Emergency Readiness Team (US CERT) found that some Samsung printers possess what essentially amounts to a backdoor admin account.

The vulnerability notice is very short, and completely fails to mention exactly which printers are a danger to their owners.

Models released after October 31 aren’t affected, CERT says, but the ones before, whichever they are, can be hacked into, at which point they grant the “admins” access to administrative privileges and the ability to change configuration and, most importantly, access sensitive information.

And here people will say that printers don’t store much of import, and we agree. Sadly, the backdoor grants access to the network information, credentials and whatever data is being passed to the printer, which could totally compromise private or important business documents.

“A remote, unauthenticated attacker could access an affected device with administrative privileges. Secondary impacts include: the ability to make changes to the device configuration, access to sensitive information (e.g., device and network information, credentials, and information passed to the printer), and the ability to leverage further attacks through arbitrary code execution,” CERT explains.

A patch tool will be released before the end of the year (2012) to fix this problem. Samsung must still be compiling a list of the problematic printers if it has yet to say exactly which they are.

Algerian Hacker hijack Romanian Google and Yahoo

Google’s Romanian Domain Gets Defaced By Algerian Hacker MCA-CRB. Google Says: “We Were Not Hacked”

Looks like Pakistan is not the only place where major Internet companies’ domain names can get hacked hijacked. This morning, google.ro was taken over, with the credit being taken by “Algerian Hacker” MCA-CRB, a serial website defacer. The site looked like the picture above for at least an hour, according to our tipster. It still looked like this when I took the screenshot, although now the site seems to have been taken down altogether.

Algerian Hacker hijack Romanian Google and Yahoo

It appears to be slowly coming back to the normal Google Romania page worldwide now, and is being described as a possible “DNS hijacking attack” (more below). Google, meanwhile, says that it was “not hacked” but that someone had managed to redirect visitors to another site for Google.ro and “a few other web addresses.” (Full statement below.)

Softpedia is reporting that the same thing has happened to Yahoo’s site, but the site looks fine to me right now. Paypal.ro is also redirecting to the same page as Google.ro, although PayPal also operates another site at https://www.paypal.com/ro/ that is up.

The text on the hacked site reads: “By MCA-CRB / Algerian Hacker” and gives credit to three names, “all members Sec” — so perhaps in one of the many loose groups of hackers that associate themselves with Anonymous and LulzSec. “S thanks = Mr-AdeL & i-Hmx & Lagripe-Dz All Members Sec,” the page reads.

MCA-DRB is also threatening more. “To Be Continued ….” the site says.

That’s not an empty threat, it seems. MCA-DRB, according to Zone-h’s registry of hacked sites, has been responsible for 5,530 site hacks and defacements to date, with many of them appearing to cover government and public services sites from countries across Asia, Africa, Europe, Australia and the Americas. By comparison, the Zone-h attributes 313 sites to Eboz, not counting the 284 from over the weekend.

Interestingly, this doesn’t seem to be happening everywhere. My colleague Drew sent me the screenshot for Google.ro from his computer in California and it seems to look like business as usual:

And it doesn’t seem to be following the same form as this weekend’s defacement exercise in Pakistan, where 284 sites were taken down by a hacker called Eboz. That attack appeared to have to do with the infiltration of the country’s domain registry PKNIC, where all of the affected domain name servers were redirected to servers hosted by Freehostia. But according to current checks on Google.ro, the site is still going to Google name servers.

We are reaching out to Google for comment and will update this story. [Update below.]

Update: Stefan Tanase, a Kaspersky lab expert writing at Securelist, notes that the incident may be due to a “DNS hijacking” attack. He notes that “both domains resolve to an IP address located in the Netherlands,” at 95.128.3.172 (server1.joomlapartner.nl), “so it rather looks like a DNS poisoning attack.”

Google meanwhile says that it was not hacked.

“Google services in Romania were not hacked. For a short period, some users visiting http://www.google.ro and a few other web addresses were redirected to a different website. We are in contact with the organization responsible for managing domain names in Romania,” a spokesperson tells TheHackerNews , Zone-h & HackingStuffs

Kuwaiti Ministry of Awqaf and Islamic Affairs Defaced by Anonymous Hacker

In the earlier days of hacking, hackers used to commit hacking attacks for their personal benefit or for simply mischief and gaining notoriety. However, in the recent times, the mindset of hackers has undergone a paradigm shift and they have become much more politically and religiously motivated and perpetrate their attacks in accordance with their supposed mission of attaining socio-political or religious freedom. Many hackers use their skills to protest against government policies or injustice in society. These hackers have gained recognition as “hacktivists” such as the hacking group Anonymous who take to attacking state run websites and attack organisations with a clear cut motive for their activities.

Kuwaiti Ministry of Awqaf and Islamic Affairs Defaced

Kuwaiti Ministry of Awqaf and Islamic Affairs Defaced by Anonymous Hacker

In a recent incident, the website of the Kuwaiti Ministry of Awqaf and Islamic Affairs was defaced by an Anonymous hacker.  The Ministry of Aqwaf and Islamic Affairs, which is a state run organisation which strives towards maintaining the social order and religious harmony in the country. The website was defaced with a screenshot of the Anonymous Guy Fawkes Mask and a message in Arabic which when translated reads something like this,
 
“Letter to the Kuwaiti people full and without any exception ! Jordan and Palestine red line and pocket Asarthm Bandas ! God bless you, O Saddam and what God has failed them !! Gary trampling upon you and one-and-one, O and Ladd dog !! Strong Protection, is Our Target”

The site remained defaced for quite some time after which it was restored. As such, there has been no success in tracing the hacker responsible though it is believed that this attack has been perpetrated by the Kuwaiti chapter of the hacking organisation Anonymous. Well, this is the first attack of this type on the Ministry’s website though hacking attacks are not uncommon in the nation. Moreover, there has been no success in making sense of the seemingly cryptic message posted by the hacker. This has led to confusion concerning the motive of the hacker in committing the attack and it is difficult to deduce whether this attack is religiously motivated or a political attack or simply done by a hacker to show his hacking prowess. Many therefore doubt the involvement of the actual hacking group Anonymous behind this attack who usually give a well defined motive for their activities.

Moreover, there has been no comment by any Kuwait Government official about the incident and it is unclear what the reaction of the state will be as the hacker has attacked a site that pertains to maintenance of religious harmony. There are wide and varying reactions by the people about this incident though most have ruled the involvement of Anonymous in this attack, many are wondering what action might be taken by the government who are known for their tough stance. However, it seems that we might have to wait for some time to get the right updates about the incident and the action of the Kuwaiti Government in this regard.

NBC Sports Rotoworld forums and Mobile website defaced

It seems that other hackers have also decided to join the celebrations of the Guy Fawkes Day along with the hacker’s congregation Anonymous. The day which is celebrated in memory of the rebellious Englishman who was caught in the plot to blow the British Parliament back in the 17th century gained recognition recently as his mask was chosen as their symbol by the Anonymous and other hackers across the world. Well, this year has seen pretty good celebration of the day by hackers across the world as it was marked by multiple hacking incidents in a single day. However, it was not only the Anonymous who perpetrated all the incidents and others also contributed their share of hackings.

NBC Sports Rotoworld forums and Mobile website defaced

NBC Sports Rotoworld forums and Mobile website defaced

In a day where Anonymous was supposed to be the centre of attention, another hacker stole the limelight when he hacked and defaced the website of the American broadcasting giant National Broadcasting Corporation (NBC) in remembrance of the Guy Fawkes Day. The hacker who left the message, “hacked by pyknic” on the sites, defaced the main website of the NBC  along with many sub sites such as Saturday Night Live, the mobile version of the NBC site (m.nbc.com) and the NBC  Sports Rotoworld Forums (forums.rotoworld.com). The defaced sites displayed a starry background with a scroll of running text which was the nursery rhyme that commemorates the arrest of Guy Fawkes which goes like, “Remember, Remember The Fifth of November, The Gunpowder Treason and Plot. I know of no reason why the gunpowder treason should ever be forgot.

The message by the hacker also claimed that user info and passwords had been leaked but no mention of the location of the leaked database has been made by the hacker, who calls himself pyknic and was previously unheard of. The same hacker then also hacked the fan site of the pop star Lady Gaga, which was repaired later on during the day. It is surprising that an unknown hacker was able to hack the site of a major television broadcast agency to such an extent. However, the good news is that the NBC sites were recovered soon after the attack and investigation is being carried out to know more about the attack. There have been no comments however, from the NBC management whatsoever about the attacks and no comments from investigating agencies such as the FBI.

This incident has led to comparisons of this incident with the modus operandi of the Anonymous who are known for their high profile cyber attacks, and some have linked this hacker to the group itself as they had declared 5th November as their day of protest. This is difficult to prove however as the Anonymous follow a more planned trajectory and also provide a strong motive for their actions. Therefore, there have been polarised reactions concerning this attack on the NBC website with some people mocking the choice of target the hacker made.

Well, November 5 has surely become one of the most exciting days in the recent cyberspace history by the joint efforts of Anonymous and the hacker known as pyknic and they have surely set the cyber world abuzz with their activities.