Russian Hackers Behind Gozi Malware Charged for Infecting Millions of Users

Gozi Malware Creators Charged in the US; the Russian Faces 95 years in Prison

The Russian cyber criminal behind the infamous Gozi malware, which infected more than a million computers worldwide and was built to steal users' online banking credentials, has been charged in New York along with two accomplices, according to documents released by the U.S. Department of Justice.

Nikita Vladimirovich Kuzmin, the mastermind behind the coding and distribution of Gozi, was charged along with Deniss Calovskis and Mihai Ionut Paunescu, all from Eastern Europe and all involved in the scheme. According to the U.S. Attorney's Office for the Southern District of New York, the charges include wire fraud, access device fraud, computer intrusion and bank fraud.

Kuzmin, who hails from Russia, is alleged to have conceived Gozi around 2005, when he set out to build a trojan that could steal banking credentials from victims and evade antivirus software. He wrote the technical specification himself and then hired a programmer to write the source code. Once the malware was ready he rented it to other criminals who wanted to steal various types of data, for a weekly fee. The malware was delivered through a variety of channels, and the stolen data was collected on a server to which each renter was given access for as long as he had paid. Distribution began in 2007, was limited to Europe at first, and reached the U.S. only in 2010.

Gozi is a banking trojan: an infected machine becomes a bot (a "zombie") under the attackers' control, and the malware uses HTML injection to alter banking pages inside the victim's browser, tricking the victim into entering account details that the criminals collect later.

All three had defined roles, worked in a systematic manner and used codenames. Calovskis, a Latvian who used the name "Miami", was the HTML injection specialist: he supplied the web injects used by the criminals renting Gozi. These injects altered the appearance of banking websites as shown to the customer, adding fields or pages that harvested information from the victims.
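The inject mechanism itself is worth seeing in code. The following Python is an added example written for this page; it is not Gozi's code, nor the real configuration syntax of Gozi, Zeus or SpyEye. It applies a simplified inject rule (text before, text after, payload) to a constructed sample login page, the way the trojan does inside the victim's browser after the TLS connection has already been decrypted, and then shows one defensive check a bank can run: compare a hash of the form the user actually sees against a fingerprint of the page that was served, and list the form fields that were not in the original. The sample page, the rule and the function names are assumptions for illustration.

```python
"""Added example, not code from Gozi or from the article.

A web inject splices attacker-controlled HTML between two anchor strings in
the page the bank served, so the victim sees extra fields (here "ATM PIN"
and "mother's maiden name") on a page whose URL and TLS padlock are genuine.
The rule format below (before / after / payload) is a simplified
illustration, not the real configuration syntax of any banking trojan.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed sample: the login page the bank actually serves.
ORIGINAL_PAGE = """<html><body>
<form action="/login" method="post">
  <input name="user" type="text">
  <input name="pass" type="password">
  <input type="submit" value="Log in">
</form>
</body></html>"""


@dataclass
class InjectRule:
    before: str   # anchor text that must precede the insertion point
    after: str    # anchor text that must follow it
    payload: str  # HTML written between the two anchors


# Constructed sample rule: harvest two extra secrets on the login form.
SAMPLE_RULE = InjectRule(
    before='<input name="pass" type="password">',
    after='<input type="submit"',
    payload='\n  <input name="atm_pin" type="password" placeholder="ATM PIN">'
            '\n  <input name="mmn" type="text" placeholder="Mother\'s maiden name">\n  ',
)


def apply_inject(html: str, rule: InjectRule) -> str:
    """What the malware does in the browser: splice the payload into the page.

    Everything between the end of `before` and the start of `after` is
    replaced by the payload. If either anchor is missing the page is
    returned untouched, which is why kits ship one rule set per bank.
    """
    start = html.find(rule.before)
    if start == -1:
        return html
    start += len(rule.before)
    end = html.find(rule.after, start)
    if end == -1:
        return html
    return html[:start] + rule.payload + html[end:]


def injected_page() -> str:
    """The login page as a victim of SAMPLE_RULE would see it."""
    return apply_inject(ORIGINAL_PAGE, SAMPLE_RULE)


def page_fingerprint(html: str) -> str:
    """SHA-256 of the page bytes, computed by the bank at serve time."""
    return hashlib.sha256(html.encode()).hexdigest()


def page_tampered(rendered_html: str, expected_fingerprint: str) -> bool:
    """Defensive check: does the form the user sees still match what was served?

    In practice a script on the page would hash the rendered form and report
    the hash back to the bank; here both sides are simulated in one process.
    """
    return page_fingerprint(rendered_html) != expected_fingerprint


def extra_fields(original: str, rendered: str) -> list:
    """Names of <input> elements present in the rendered page but not in the
    served one, i.e. the fields an inject added."""
    names = lambda h: set(re.findall(r'<input[^>]*\bname="([^"]+)"', h))
    return sorted(names(rendered) - names(original))


if __name__ == "__main__":
    served_hash = page_fingerprint(ORIGINAL_PAGE)
    victim_view = injected_page()
    print(victim_view)
    print("tampered:", page_tampered(victim_view, served_hash))
    print("added fields:", extra_fields(ORIGINAL_PAGE, victim_view))
```

The point the check makes is where the tampering happens: after TLS, inside the browser, so a valid certificate and the correct URL are no protection. A kit that controls the browser can equally hook the reporting script, so in practice a DOM-integrity beacon is a detection signal rather than a guarantee; the reliable defence is to stop asking for secrets the bank would never need (an ATM PIN on a web login) and to look for unexpected fields in what the server receives.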

Paunescu, from Romania, went by the name "Virus" and provided bulletproof hosting to the criminal clients: servers and IP addresses used to send the scam emails carrying Gozi and other malware such as the Zeus and SpyEye trojans, to control botnets and to carry out denial-of-service attacks.

The FBI took up the case in May 2010, when victims began appearing in the U.S., and intercepted conversations and emails from Kuzmin that finally led to his arrest in San Francisco in November 2010.

Kuzmin later pleaded guilty to the charges against him and cooperated with the investigation.
So far, Gozi has been confirmed to have infected more than 40,000 computers in the U.S., including 160 belonging to NASA.
Kuzmin faces a maximum of 95 years in prison, Calovskis a maximum of 65 years and Paunescu a maximum of 60 years; the actual terms will be known only when the courts sentence them.

Anonymous demands jailed Anons are set free in #FreeAnons 2013

AnonymousCleveland uploaded a video to YouTube today that carries a message to the governments jailing Anonymous hacktivists. The governments addressed in the video are:

  • The United Kingdom
  • France
  • Romania
  • Turkey
  • United States

Anonymous says it has witnessed arrests and convictions at the hands of what it calls oppressive British, French, Romanian, Turkish, US and other law enforcement agencies, for government and corporate whistleblowing, and even for activities such as using Twitter, spreading links and making videos.

Anonymous says that “they will never just stand by and see how their rights get blown away”:

We will never be content to stand by, and watch our freedoms be eroded. Transparency cannot exist in government lockdown. Those arrested believe in a cause, believe in the freedom of expression, believe in all of us.

Anonymous states that “they are not afraid”:

It is not only our responsibility to support those in trouble, but it is mutually beneficial. By having the backs of those arrested, charged, and held, we send a message that we are not afraid. That we will never give up. That we will fight harder now, than ever before. We, as Anonymous, have an undying responsibility to people who have been jailed as freedom fighters

Anonymous clearly points out that “for every one of us that falls, 10 more will take his or her place.”

Anonymous hackers deface United States Sentencing Commission website

Anonymous Hacks US Sentencing Website in Retaliation for Aaron Swartz’ Death

Hacked data could reveal government secrets, including the identities of informants and targets of surveillance.

Anonymous has taken down the website of the United States Sentencing Commission as part of what it calls Operation Last Resort. The site was hacked on the night of January 25; files the group says were taken from government systems were distributed in encrypted form, and the group stated that the decryption keys would be released publicly if the government fails to meet its demands for comprehensive reform of the country's legal system.

The collective said the choice of site was purely symbolic: the U.S. Sentencing Commission is the body that sets the guidelines for sentencing in the country's federal courts. It cited the recent suicide of programmer and activist Aaron Swartz as the reason for the hack. Many believe his death was the result of an unnecessarily harsh prosecution over his mass downloading of articles from JSTOR, an online repository of academic journals, and this can be gathered from the group's statement:

“Two weeks ago today, a line was crossed. Two weeks ago today, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win — a twisted and distorted perversion of justice — a game where the only winning move was not to play,”

The hackers did not disclose the nature of the stolen files, but they named them after U.S. Supreme Court justices and warned that the files, which they call a "warhead", have been distributed to numerous mirrors. The files are useless without the decryption keys, which Anonymous says it will post if the government does not respond. The complete statement posted by the group reads:

“There has been a lot of fuss recently in the technological media regarding such operations as Red October, the widespread use of vulnerable browsers and the availability of zero-day exploits for these browsers and their plugins. None of this comes of course as any surprise to us, but it is perhaps good that those within the information security industry are making the extent of these threats more widely understood.

Still, there is nothing quite as educational as a well-conducted demonstration…

Through this website and various others that will remain unnamed, we have been conducting our own infiltration. We did not restrict ourselves like the FBI to one high-profile compromise. We are far more ambitious, and far more capable. Over the last two weeks we have wound down this operation, removed all traces of leakware from the compromised systems, and taken down the injection apparatus used to detect and exploit vulnerable machines.

We have enough fissile material for multiple warheads. Today we are launching the first of these. Operation Last Resort has begun…

The contents are various and we won’t ruin the speculation by revealing them. Suffice it to say, everyone has secrets, and some things are not meant to be public. At a regular interval commencing today, we will choose one media outlet and supply them with heavily redacted partial contents of the file. Any media outlets wishing to be eligible for this program must include within their reporting a means of secure communications.

We have not taken this action lightly, nor without consideration of the possible consequences. Should we be forced to reveal the trigger-key to this warhead, we understand that there will be collateral damage. We appreciate that many who work within the justice system believe in those principles that it has lost, corrupted, or abandoned, that they do not bear the full responsibility for the damages caused by their occupation.

It is our hope that this warhead need never be detonated.”

Well, only time will tell whether they will succeed in getting the government to pursue legal reforms or not but they have surely got some people thinking.

Anonymous Operation Last Resort

Turkmenistan Gmail, Microsoft, Youtube Domains Hijacked

Iranian hackers defaced the Turkmenistan (.tm) domains of several major companies yesterday, including Google, YouTube, Orkut, Gmail, Intel and Xbox. All of the affected domains are registered with NIC Turkmenistan, the .tm registry. The hackers used a SQL injection vulnerability in the NIC website to gain access to its database.

Because the database stored passwords in plain text, the attackers could log straight into the management panel of every domain and change its DNS records, pointing the domains at a rogue server hosting the defacement page. Although widely described as DNS poisoning, this is a hijack of the registry's own records rather than poisoning of resolver caches: the records themselves were changed at the source, so every resolver in the world faithfully served the attackers' addresses.
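The two weaknesses described here, a login query assembled from user input and passwords kept in plain text, are shown below side by side with the fixed versions: a parameterised query and salted PBKDF2 hashes compared in constant time. This is an added Python example written for this page, not NIC Turkmenistan's code; the table layout, the sample "bigco" account and the function names are assumptions for illustration.

```python
"""Added example, not NIC Turkmenistan's code.

Side by side: a login lookup built by string concatenation over a table of
plain-text passwords (the two flaws the article describes), and the same
lookup done with a parameterised query over salted PBKDF2 hashes. The
schema and the 'bigco' account are constructed sample data.
"""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: a dumped table cannot be reused as credentials."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def setup_db() -> sqlite3.Connection:
    """In-memory registry database with one domain-holder account stored
    both ways so the two login paths can be compared."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts_plain (user TEXT, password TEXT, domain TEXT)")
    db.execute("CREATE TABLE accounts_hashed (user TEXT, salt BLOB, hash BLOB, domain TEXT)")
    db.execute("INSERT INTO accounts_plain VALUES (?, ?, ?)",
               ("bigco", "hunter2", "bigco.tm"))
    salt = os.urandom(16)
    db.execute("INSERT INTO accounts_hashed VALUES (?, ?, ?, ?)",
               ("bigco", salt, hash_password("hunter2", salt), "bigco.tm"))
    db.commit()
    return db


def login_vulnerable(db, user: str, password: str):
    """The flaw: user input is pasted into the SQL text, and the password is
    compared as stored plain text. Returns the domain the panel would open."""
    query = ("SELECT domain FROM accounts_plain "
             "WHERE user = '%s' AND password = '%s'" % (user, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None


def login_hardened(db, user: str, password: str):
    """Parameterised lookup: the input never becomes part of the SQL text,
    and the password is verified against a salted hash in constant time."""
    row = db.execute(
        "SELECT salt, hash, domain FROM accounts_hashed WHERE user = ?",
        (user,)).fetchone()
    if row is None:
        return None
    salt, stored, domain = row
    if hmac.compare_digest(stored, hash_password(password, salt)):
        return domain
    return None


def dumped_credentials(db) -> dict:
    """What an attacker who dumps both tables gets: the plain table yields
    passwords that work on the panel as-is, the hashed table only salted
    digests that must be cracked one account at a time."""
    plain = db.execute("SELECT user, password FROM accounts_plain").fetchall()
    hashed = db.execute("SELECT user, hex(hash) FROM accounts_hashed").fetchall()
    return {"plain": dict(plain), "hashed": dict(hashed)}


# Classic injection: closes the quote, makes the WHERE clause always true
# and comments out the password comparison that follows.
INJECTION = "' OR 1=1 --"

if __name__ == "__main__":
    db = setup_db()
    print("vulnerable, injected:", login_vulnerable(db, INJECTION, "anything"))
    print("hardened, injected:  ", login_hardened(db, INJECTION, "anything"))
    print("hardened, real creds:", login_hardened(db, "bigco", "hunter2"))
    print(dumped_credentials(db))
```

Two things follow from the example. The injection payload gives the attacker the first account's panel without knowing any password at all, and once the table is dumped the plain-text column gives every other account too; with the hashed table the attacker still has to crack each salted digest individually. Either fix alone would have limited the damage; a registry, which controls the DNS of every domain under it, needs both.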

As usual, the hackers uploaded a simple HTML page announcing the defacement. The message is shown below.

NIC Turkmenistan Domain Names Defaced

The defaced domain names include

This is the first attack on a NIC website in 2013. Whatever the motive, it is a strong reminder that many websites still carry SQL injection vulnerabilities, and that compromising a registry hands attackers the DNS records of every domain it manages.

You can view the entire Data leak from here

Mirrors of Defaced sites can be viewed here

MIT Website Hacked

Anonymous Appears To Have Hacked MIT Website, Leaves Swartz Tribute

Hacking collective Anonymous has defaced the website of the Massachusetts Institute of Technology as a way of mourning the suicide of the prominent hacker and activist Aaron Swartz. Swartz, a young programmer and technologist, was a co-founder of Reddit and a co-author of the RSS 1.0 specification, was involved in many acts of hacktivism, and was surrounded by controversy throughout his short life. He killed himself while facing felony charges in federal court in Massachusetts for allegedly downloading more than 4 million documents from JSTOR; he faced a possible fine of one million dollars and up to 35 years in prison at a trial due to begin next month. Many believe his suicide was the result of an unnecessarily harsh prosecution and that the decisions taken by the prosecutors contributed to his death. His death has outraged many, and Anonymous responded by hacking MIT's website and leaving a tribute to the late programmer, together with a lengthy tirade against the justice system that calls the case a grotesque miscarriage of justice. This is the message posted by Anonymous:

In Memoriam, Aaron Swartz, November 8, 1986 – January 11, 2013, Requiescat in pace.

A brief message from Anonymous.

Whether or not the government contributed to his suicide, the government’s prosecution of Swartz was a grotesque miscarriage of justice, a distorted and perverse shadow of the justice that Aaron died fighting for — freeing the publicly-funded scientific literature from a publishing system that makes it inaccessible to most of those who paid for it — enabling the collective betterment of the world through the facilitation of sharing — an ideal that we should all support.

Moreover, the situation Aaron found himself in highlights the injustice of U.S. computer crime laws, particularly their punishment regimes, and the highly-questionable justice of pre-trial bargaining. Aaron’s act was undoubtedly political activism; it had tragic consequences.

After this message the Anonymous posted a list of wishes they have which are :

Our wishes

  • We call for this tragedy to be a basis for reform of computer crime laws, and the overzealous prosecutors who use them.
  • We call for this tragedy to be a basis for reform of copyright and intellectual property law, returning it to the proper principles of common good to the many, rather than private gain to the few.
  • We call for this tragedy to be a basis for greater recognition of the oppression and injustices heaped daily by certain persons and institutions of authority upon anyone who dares to stand up and be counted for their beliefs, and for greater solidarity and mutual aid in response.
  • We call for this tragedy to be a basis for a renewed and unwavering commitment to a free and unfettered internet, spared from censorship with equality of access and franchise for all.

For in the end, we will not be judged according to what we give, but according to what we keep to ourselves.

Aaron, we will sorely miss your friendship, and your help in building a better world. May you read in peace.  ”

Whatever one makes of the rhetoric, the message raises a real question about the severity of computer crime sentencing. The hackers apologised for temporarily using the MIT website, and MIT's president has ordered an investigation into the case; hopefully this unfortunate incident will change things for the better.


NASA space your face domain hacked

NASA has fallen victim to yet another cyber-attack exploiting weaknesses in its web security. This time hackers defaced the domain of NASA's popular "Space Your Face" program, which let anyone aged 13 or over send a photo or headshot into space and was launched before the last of the two remaining shuttles flew. The domain now hosts a Flash-based application that lets visitors create humorous videos of NASA's various space missions.

The defacement was carried out by a hacker using the handle "p0ison-r00t", who claims to have compromised the NASA subdomain that hosts the Space Your Face program. The site was defaced with the following message:

“Hacked by Safety Last Group
 p0ison-r00t<> pilotcast
greetz:SLG – Islam-47, Inject0r team, 1337;
free Palestine; “

Asked by The Hacker News how he gained access, the hacker replied: “I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server”. He added that, because the web server ran with limited privileges, he could not edit or modify existing files, but he was able to upload some text to the site and posted a mirror on Zone-H. He gave no reason for targeting the NASA subdomain, and it is difficult to make anything of the greetings posted on the page. At the time of writing the Space Your Face site is unreachable and returns an error, though there is no indication of any data theft.
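What "accepting file upload but without validating the extension" looks like in code, beside a handler that would have stopped it. This is an added Python example written for this page, not the NASA application's code; the directory layout, the sample uploads and the function names are assumptions. It goes further than the single flaw the hacker mentions: the client's filename is discarded entirely, the file type is decided from the file's own bytes, and the file is written outside the web root with exclusive creation so nothing already there can be overwritten.

```python
"""Added example, not NASA's code.

The upload flaw the hacker describes (any extension accepted, the file
written where the web server executes scripts) beside a hardened handler.
Directory names and the sample uploads are constructed here so the example
runs offline.
"""
import os
import secrets
import tempfile
from pathlib import Path

# Content types the feature is meant to accept, keyed by their magic bytes.
ALLOWED_TYPES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
}
MAX_BYTES = 2 * 1024 * 1024


def save_upload_vulnerable(webroot: str, client_name: str, data: bytes) -> str:
    """Trusts the client's filename, including its extension and any '../',
    and writes into a directory the web server executes scripts from."""
    dest = Path(webroot) / client_name
    dest.write_bytes(data)
    return str(dest)


def sniff_type(data: bytes):
    """Decide the type from the bytes, never from the name or Content-Type."""
    for magic, ext in ALLOWED_TYPES.items():
        if data.startswith(magic):
            return ext
    return None


def save_upload_hardened(store_dir: str, client_name: str, data: bytes) -> str:
    """Allow-list by content, discard the client's name, generate a random
    name, and write outside the web root with O_EXCL so an existing file can
    never be overwritten. Returns the stored name."""
    if len(data) > MAX_BYTES:
        raise ValueError("upload too large")
    ext = sniff_type(data)
    if ext is None:
        raise ValueError("content is not an allowed image type")
    # The claimed extension is checked only for consistency with the bytes;
    # it is never used to build the stored name.
    claimed = Path(client_name).suffix.lower().lstrip(".")
    if claimed not in ("jpg", "jpeg", "png"):
        raise ValueError("extension not allowed")
    if claimed.replace("jpeg", "jpg") != ext:
        raise ValueError("extension does not match content")
    stored_name = f"{secrets.token_hex(16)}.{ext}"
    dest = Path(store_dir) / stored_name
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name


# Constructed sample uploads.
PHP_SHELL = b"<?php system($_GET['cmd']); ?>"
JPEG_IMAGE = b"\xff\xd8\xff\xe0" + b"\x00" * 64   # minimal JPEG-looking bytes


def demo() -> dict:
    """Run both handlers against the samples in throwaway directories."""
    results = {}
    with tempfile.TemporaryDirectory() as webroot, tempfile.TemporaryDirectory() as store:
        written = save_upload_vulnerable(webroot, "shell.php", PHP_SHELL)
        results["vulnerable_wrote_php"] = Path(written).read_bytes() == PHP_SHELL
        for name, data in (("shell.php", PHP_SHELL),
                           ("shell.php.jpg", PHP_SHELL),
                           ("photo.gif", JPEG_IMAGE)):
            try:
                save_upload_hardened(store, name, data)
                results[name] = "accepted"
            except ValueError as exc:
                results[name] = str(exc)
        stored = save_upload_hardened(store, "photo.JPG", JPEG_IMAGE)
        results["stored_name"] = stored
        results["stored_outside_webroot"] = (
            (Path(store) / stored).exists() and not (Path(webroot) / stored).exists()
        )
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The stored file should then be served through a handler that sets the Content-Type from the recorded type and never from the request, from a location the web server does not execute scripts in. Note that the limited privileges the hacker ran into are exactly what least privilege buys: they did not prevent the shell, but they kept it from rewriting the site.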

This is certainly not the first such attack on NASA: its sites were among the most frequently hacked in 2012, and it is proving a popular target this year as well. Another NASA domain, the website of the Goddard Space Flight Center, which reports on the scientific side of the Center's ongoing projects, was also hit. That hacker claims to have bypassed the site's firewall and stolen sensitive information, and posted what he says is proof on Pastebin. The data appears to be nothing more serious than usernames and passwords; the hacker says the intrusion was only meant to expose flaws in NASA's security and that he will not leak any of it online. NASA officials have not responded to either incident.

These two hacks, only a day apart, show that NASA has a lot of catching up to do on security. Fixing unvalidated file uploads and similar web application flaws is not a difficult job if the will is there; otherwise NASA will surely remain a preferred target this year as well.