Archive
PakBugs Hackers…
July 7, 2010 will be remembered as the beginning of a fearful period in their lives. On that day, Mr. Shahid Nadeem Baloch, the Director 
of Cyber Crime Investigations for the Federal Information Agency announced the arrest of five ring leaders of the popular hacker forum "PAKBugs" in this release from the Press Information Department. Among those praised by FIA’s Director General, Mr. Zafar Ullah Khan, for their roles in the investigation are Mr. Muhammad Idress Mian, who directs the National Response Center for Cyber Crimes (NR3C), Mr. Muhammad Raza, Cyber Crime Circle sub-inspector for the Rawalpindi Police, and NR3C Technical Officers Mr. Aun Abbas, and Mr. Amjad Abbasi.
PR. No. 78
PRESS RELEASE
Islamabad 07, July 2010
Taking notice of increasing number of websites hacking/defacement cases in the country, Mr. Shahid Nadeem Baloch (PSP), Director Cyber Crimes/FIA constituted an investigation team under the supervision of Mr. Muhammad Idrees Mian, Additional Director NR3C/FIA Cyber Crime Circle Rawalpindi/Islamabad. Mr. Muhammad Raza, Sub-Inspector of Police Station Cyber Crime Circle Rawalpindi/Islamabad with assistance of Technical Officers of NR3C Mr. Aun Abbas and Mr. Amjad Abbasi taking a prompt action carried out a detailed investigation. FIA team unearthed notorious hackers’ group namely “Pakbugs” and arrested five (05) hackers belonging to this group from various parts of the country while taking the computers and other related equipment involved in various Cyber Crimes into possession. This group is involved in hacking/defacing thousands of websites belonging to various government/non-government organizations and international organizations also. Mr. Zafar Ullah Khan (PSP), the Director General Federal Investigation Agency appreciated the achievements of the team.
Details of these hackers are given below:
1. Jawad Ehsan alias Humza, located in Riyadh Saudi Arabia, still at large
Nick Name: ZombiE_KsA
Membership: Pakbugs (Founder)
Total Defacements: 169 of which 69 single ip and 100 mass defacements
2. Ahmad Hafeez, arrested from Lahore
Nick Name: vergil
Membership: Pakbugs (as moderator), Pakhaxorz (as moderator)
Total Defacements: 480 of which 157 single ip and 323 mass defacements
3. Hassan Khan, arrested from Peshawar
Nick Name: x00mx00m
Membership: Pakbugs (Co-founder)
Total Defacements: 8697 of which 646 single ip and 8051 mass defacements
4. Farman Ullah Khan, arrested from Bannu
Nick Name: Farman
Membership: Pakbugs (as VIP-member)
Defacements details could not be retrieved.
5. Malik Hammad Khalid, arrested from Rawalpindi
Nick Name: inject0r
Membership: Pakbugs (as super moderator)
Total Defacements: 134 of which 82 single ip and 52 mass defacements
6. Taimoor Zafar Bhatti, arrested from Rawalpindi
Nick Name: h4v0c-
Membership: Pakbugs (as super-moderator)
Total Defacements: 105 of which 36 single ip and 69 mass defacements
FIA Cyber Crimes Department have also identified hackers with nick-names BiG^Smoke, Cyber-Criminal, spo0feR and [a], who have committed a large number of cyber crimes.
These individuals have expertise in following techniques:
1) Linux
2) SQL Injection
3) Trojan horses
4) Phishing
5) Rooting
6) Access to various servers
7) Botnets
8) PHP Scripts
9) Stealers
10) ASP scripts (self writing)
11) JSP scripts (self writing)
12) Key loggers
13) Credit Cards Jacking and usage of stolen Credit Cards
Source: Online, http://www.pid.gov.pk/press07-07-2010.htm
Top Ten Hackers
The more we rely on technology, the more power hackers potentially have over us. Whether their intention is to help or to harm, hackers have the power (like it or not) to change the world. They may inspire fear, but over the years, we’ve learned a lot from their snooping and stealing.
No. 10 – The Deceptive Duo
In 2002, the Deceptive Duo (really 20-year-old Benjamin Stark and 18-year-old Robert Lyttle) were responsible for a series of high-profile break-ins to government networks, including the U.S. Navy, NASA, FAA and Department of Defense. Like so many other hackers, California-based Lyttle and Florida-based claimed they were merely trying to expose security failures and protect Americans in a post-911 world. The two hackers posted messages, left email addresses and defaced Web sites in an attempt to get the government’s attention…and get the government’s attention, they did. Lyttle and Stark pleaded guilty in 2005. Stark was sentenced to two years probation, Lyttle served four months in prison with three years probation, and both were ordered to pay tens of thousands of dollars in restitution for the damage they caused.
No. 9 – Jonathan James (aka c0mrade)
On the list of computer systems you’d want to be really, really, really secure, the Department of Defense surely shows up, which makes Jonathan James’ (aka c0mrade) break-in to the DoD’s Defense Threat Reduction Agency server all the more impressive. James’ 1999 spree included not only the DoD, but NASA as well. The then 16-year-old used his purveyed access to steal software, not defense secrets, but James still got into some dangerous territory, including software used to control the International Space Station’s living environment. For his crimes, he served an abbreviated minor’s sentence of six months and also had to pledge to give up computer use.
No. 8 – Dmitri Galushkevich
When pretty much the whole country of Estonia was suddenly caught up in Internet gridlock in May 2007, the very-small-but-very-tech-savvy former Soviet Republic thought they knew who to blame: the Russian government.At the time, the two countries were caught up in a series of riots over the removal of Soviet-era statues, but now it had gotten serious. The weapon of choice? A botnet.The hackers responsible for the cyberterror hijacked computers and used them, en masse, to overload servers across the country. ATM machines didn’t work, Web pages didn’t load, government systems were shut down.It took weeks for Estonian officials to untangle the mess and even longer for them to find the culprit: Dmitri Galushkevich, a 20-year-old ethnic Russian living in Estonia. Was he working alone? Unclear, but for wreaking this havoc, Galushkevich was fined 17,500 kroons. Or about $1,620.
No. 7 – Kevin Poulsen (aka Dark Dante)
Today, Kevin Poulsen is an editor at tech-savvy Wired magazine, but back in the 1980s, he was just your average phone-phreaking, Porsche-driving hack.Poulsen gained some notoriety for a clever prank he played on Los Angeles radio station KIIS, in which he rigged the phones to allow only him to get through and win a trip to Hawaii and the aforementioned Porsche.Known as Dark Dante, Poulsen also took on more serious targets. His break-in to the FBI’s database eventually led to his 1991 arrest and five years prison time. Since then, he’s gone respectable, retiring to the editor’s chair and using his cybersleuth powers for good deeds, like tracking sex offenders on MySpace.
No. 6 – John Draper
Draper is pretty much the granddaddy of hackers.Back in the early 1970s, he was the king of "phone phreaking," meaning he was playing the phone company. Back in the pre-Internet, pre-personal computer days, the phone system was the big computer to beat and Draper did it well.Draper’s breakthrough came when he and a friend realized that a toy whistle, a giveaway in a breakfast cereal box, emitted the same frequency as the tones used by AT&T switches to route phone calls.Building off that, Draper made homemade devices, "blue boxes" that could get you all the long distance calls you wanted…for free. What did all this get him? Some time in prison, as well as the attention of Apple co-founder Steve Wozniak, who wanted to get in on phone phreaking himself. Draper went on to write one of the first word-processing programs, EasyWriter, but now specializes in, go figure, security.
No. 5 – Raphael Gray (aka Curador)
Raphael Gray called himself a saint, insisting he was only trying to help e-commerce sites when he broke into their databases to steal credit card numbers and personal information from 26,000 or so American, British and Canadian customers in 2000. The then-18-year-old Welsh teenager insisted he was merely trying to draw attention to lax online security systems. So, if he was really just trying to help, then why did he post the card numbers online? Well, that’s another question.Gray was sentenced in 2001 to three years of psychiatric treatment.
No. 4 – Gary McKinnon (aka Solo)
Scottish-born, London-based hacker McKinnon wasn’t just in it for fun; he had a political axe to grind.Conspiracy-theorist McKinnon broke into computers at the U.S. Department of Defense, Army, Navy, Air Force and NASA sometime in 2001 and 2002. What exactly was he looking for? Evidence of really fuel-efficient alien spacecraft, for one.No joke.McKinnon believes the U.S. government was hiding alien technology that could solve the global energy crisis. Now, in the process of snooping around for this stuff, the self-taught hacker concedes he may have deleted a whole bunch of other files and maybe some hard drives as he attempted to cover up his tracks. Nothing significant, he insists.The U.S. government begs to differ, claiming McKinnon’s hack job cost them $700,000 to fix. They also kind of doubt the whole UFO story and wonder if his snooping had more earthly intentions. Back in the U.K., Gary’s lawyers insist that their client, who suffers from Asperger’s Syndrome, deserves special mental health considerations.Gary himself has become a cause celebre, with his pending extradition being protested by celebrities like Sting.
No. 3 – Adrian Lamo
It’s true that companies sometimes hire hackers to test their systems for weaknesses, but no one ever hired Adrian Lamo.In 2002 and 2003, Lamo broke into several high-profile targets, just for kicks. He then told the targets what he had been able to do and how he did it. How kind of him. Lamo’s targets included Microsoft, Yahoo and the New York Times, where he inserted his contact info into their database of experts.Known as "the homeless hacker," Lamo slept in abandoned buildings and hacked via laptop from Internet cafes and public libraries. His network-busting technique of choice involved going in through the out door, entering sites through proxy access, a setup that corporations often use to let their computers connect out to the Internet. That led to his arrest in 2003.Lamo served two years probation and now works as a tech journalist.
No. 2 – Kevin Mitnick
Kevin Mitnick started out just wanting a free ride on the bus.He came a long way from his hacks into the Los Angeles metropolitan bus system and early dabbling in phone fraud. Mitnick went on to become the most wanted computer hacker in the country, known (and wanted) primarily for his hack into Digital Equipment Corporation’s network to steal their software.It may have been his first notable break-in, but Mitnick went on to other big targets, including cell phone giants Nokia and Motorola.Even his eventual arrest was notable: After hacking into fellow hacker Tsutomu Shimomura’s computer, Mitnick was tracked down by Shimomura and the FBI in 1995.Today, Mitnick has served a five-year sentence and come clean, but he continues to profit off his former title, authoring books and working as a security consultant.
No. 1 – Robert Tappan Morris
Even if you know next to nothing about computer viruses, you’ve probably heard of "worms." That’s because news stories about this particularly contagious (and therefore destructive) breed of virus abound.Blame Robert Tappan Morris for it all.Back in 1988, while a graduate student at Cornell University, Morris created the first worm and released it on the Internet. He claimed it was all an experiment gone awry, a test to see how big the then-new Internet was. The worm turned out to be more than a test: it replicated quickly, slowing computers to the point of non-functionality and virtually crippling the Internet. He was eventually fined and sentenced to three years probation.Since then, he’s earned his Ph.D. from Harvard and made millions designing software. Today, he’s a computer science professor at MIT. Not bad.
Thousands of Hotmail Msn Live.com Email accounts Exposed !
According to news published on bbc website
Thousands of accounts on web-based e-mail system Hotmail have been compromised in a phishing attack, software giant Microsoft has confirmed.
BBC News has seen a list of more than 10,000 e-mail accounts, predominantly originating from Europe, and passwords which were posted online.
Microsoft said it had launched an investigation.
Phishing involves using fake websites to lure people into revealing details such as bank accounts or login names.
“We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally and exposed on a website,” said a Microsoft spokesperson.
“Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers.”
Quick change
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts.
“We still don’t know the scale of the problem,” he told BBC News.
Technology blog neowin.net was the first to publish details of the attack. It said the accounts were posted on 1 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin has seen a list of 10,028 names beginning with the letters A and B.
BBC News has confirmed that the accounts are genuine and predominantly originate in Europe.
The list included details of Microsoft’s Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Mr Cluley advised Hotmail users to change their password as soon as possible.
“I’d also recommend that people change the password on any other site where they use it,” he said.
Around 40% of people use the same password for every website they use, he added.
Hotmail is currently the largest web-based e-mail service.
Verizon Data Breach Investigation: The numbers say PCI IS important
The 2009 Data Breach Investigation by Verizon is out, and I have to be honest, all I’ve had time to read so far has been pages 41-43. Why those pages? Because they’re the pages that specifically call out the statistics surrounding breaches affecting merchants who are (or should be) complying with the Payment Card Industry Data Security Standards (PCI DSS). Not at all surprising, at least to me, is that the study found that PCI compliance is important and that 81% of the companies researched in this report weren’t PCI compliant at the time of the breach. Of course, that also means that 19% of the companies breached had either self-assessed or been assessed by a QSA and were thought to be compliant at the time of the breach.
AtifKamal.Com Blog 