Sunday, 21 December 2014

Xtam4 "Mastermind" Hacker - Facts & Summary

Many groups of hackers took form under the leadership of "Xtam4" in 2012, who at that time was involved in huge carding operations through his team "CWI", earning up to $20,000 a day by 2013. He got the nickname "Mastermind" after he planned and succeeded in attacks on Jewish jewelry sites, several high-profile politicians and the FBI site. He is said to be a "black hat" by many hackers, but he has not yet claimed or verified this statement.

Facts:

  • He earned up to $20,000 a day in 2013.
  • In 2014, he closed all of his carding business due to heat from law enforcement.
  • His main idol is the father of organized crime, Charles "Lucky" Luciano.
  • He is the current boss of the famous Pakistani hacking team "GForce Pakistan", aka "GForce Family".
  • At the age of 12, he was already earning a name for himself in the hacking community.
He still continues to rise into 2014 and we expect more from the revolution.

Thursday, 20 November 2014

GForce Pakistan Against Its own Cyber Allies?


The well-known Pakistani hacking group GForce Pakistan, currently operating under the new alias "GForce Family" and run by the previous leader of CWI Syndicate, has been attacking its own allies on the Pakistani side. Hundreds of Pakistani hacking crew members have been doxed by "Alan Alsop", a known associate of GForce and current controller of the Black MESA carding business on the internet. The group has proved its nefarious power by striking down Pakistani groups. Rumors have emerged that the crew controls all credit card operations on the internet. Meanwhile, Xtam4 never refers to his illegal business or deeds on the internet in any of his pastes and goes by the image of a popular revolutionary figure in public.

Friday, 24 October 2014

Ministry of Culture Exploited, Fingers Pointed at GForce


It is believed that the attack on the India Culture website on October 25th was carried out by GForce Pakistan. The data was released to Pastebin. It was not released from any of the official G Force accounts on Pastebin; it was uploaded by a guest. Several pieces of code and documents from the site were leaked.
From 2001 to 2002, G Force was considered the main team contributing to the India-Pakistan cyber war. The team continues to dominate the internet.

Hold Security shares data with NCSC, which holds 1.3 million vulnerable Dutch e-mail addresses


The National Cyber Security Centre (NCSC) and Hold Security have set up a cooperation that allowed the NCSC to obtain 1.3 million vulnerable Dutch e-mail addresses and 5600 vulnerable Dutch websites.
Hold Security had announced that it had gained a massive dataset of 1.2 billion credentials via vulnerable websites worldwide.
The NCSC explains that the information it has collected contains:
  • Usernames
  • Passwords
  • E-mail addresses which are used to login at the vulnerable websites
The National Cyber Security Centre has informed its partners, who will in turn inform the people identified in the dataset.
You can read the official Dutch press release here:
https://www.ncsc.nl/actueel/nieuwsberichten/ncsc-verkrijgt-nederlandse-gegevens-van-hold-security.html

Shellshock: A ‘Bash’ Bug which leaves almost every user on Internet vulnerable

This bug is said to be much bigger than the previous flaw, Heartbleed, which left all the secure SSL systems vulnerable. This time, the bug allows an attacker to compromise your system and then run commands or execute any malicious program on your computer or device.

This harmful bug has been dubbed ‘Shellshock’. As I said above, this is a superbug, so here is why it is called the SuperBug:
  • Shellshock is a Bash bug and is able to exploit any operating system.
  • The bug allows a command to be sent to the exploited system through code.
  • The particular area that can be used to exploit the system is generally blocked, but Bash opens all doors to the system.
  • Apple Mac OS X users are able to run it from their terminal, as are people on Linux operating systems.
  • Windows is not affected in the same way, but if a hacker exploits malicious code through the flaw, they could gain access to any device, in theory, including PCs.
  • Working example: an Apache web server runs Bash commands to process tasks along with the data entered in online forms.
This flaw has been revealed by the hackers previously, and they are using it to exploit millions of users online, the UK privacy regulator has already warned.
In simple words, the flaw is in ‘Bash’, a piece of software used by operating systems and website servers.
At this time, security researchers have not found any critical update or fix to protect millions of users online, and the UK and US governments have also issued national alerts in response to the bug, warning that it may compromise organisations responsible for “critical national infrastructure” such as power stations if it is not rapidly dealt with.
Statement issued by The Information Commissioner’s Office (ICO):
The Shellshock flaw “could be allowing criminals to access personal data held on computers or other devices”, which “should be ringing real alarm bells” for British businesses which are legally obliged to keep their customers’ details secure.
“The worst thing would be to think this issue sounds too complicated – businesses need to be aware of this flaw and need to be monitoring what they can do to address it. Ignoring the problem could leave them open to a serious data breach and ultimately, enforcement action.”

Who found this Flaw?

This critical flaw was found on 12 September by Stephane Chazelas, a 38-year-old French software developer living in Edinburgh. The flaw was uncovered “by chance”, he told The Independent today.
After finding the flaw, Chazelas reported it to Chet Ramey, a 49-year-old American programmer working at Case Western Reserve University in Ohio, who maintains the Bash source code.
One more important thing about the bug is that it has been around for the last 25 years, which raises a question: has it been used by hackers for years?
Reports online say that this bug has been fixed by Apple, but that Apple has not informed anyone about it.
If you are a website owner using Linux servers, always run a routine check for updates for your operating system.
If any crack or update related to this comes out, we will update this post soon, but for now, you should secure yourself by keeping watch on your security updates :)
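
For site owners reviewing their Apache servers, the following is an added example (not from the original post) that scans access-log lines for the Bash function-definition marker `() {` in the request, Referer or User-Agent fields. The sample log lines, IP addresses and the function name `find_shellshock_probes` are constructed for illustration.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# A value containing "() {" looks like a Bash function definition. Ordinary
# browsers and crawlers do not send it, so it is a strong sign of a probe.
MARKER = re.compile(r"\(\)\s*\{")

# Constructed sample lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; PLACEHOLDER"',
    '198.51.100.8 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/form HTTP/1.1" 404 0 "() { x; }; PLACEHOLDER" "curl/7.30"',
    'this line is not in combined log format',
]


def find_shellshock_probes(lines):
    """Return one dict per log line whose logged fields carry the marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        fields = [f for f in ("request", "referer", "agent")
                  if MARKER.search(m.group(f))]
        if fields:
            hits.append({
                "line": lineno,
                "host": m.group("host"),
                "status": int(m.group("status")),
                "fields": fields,
            })
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 on a CGI path deserves the first look, since the script was actually run; headers that Apache does not log by default are not covered by this scan.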

Wednesday, 15 October 2014

Crowd-Funding website Kickstarter Hacked, Customer Information Accessed by Hackers

According to Kickstarter’s blog post, on Wednesday night, law enforcement officials contacted Kickstarter and alerted them that hackers had gained unauthorized access to some of its customers’ data. Kickstarter says that it took all the necessary security measures and immediately closed the security breach.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.
While no credit card data was accessed, some information about their customers, including usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords, was stolen. To prevent further compromise, Kickstarter recommends that its users change their passwords as soon as possible to strong passwords, so that the hackers won’t be able to guess the real password, since the stored passwords are encrypted. Right now, if the hackers who accessed the user data have enough computing power, they can crack the encrypted passwords.
As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.
Some security measures taken by the Kickstarter security staff:
  • Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
  • As a precaution they have reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.
  • Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.
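
The mix of older salted, iterated SHA-1 hashes and newer bcrypt hashes described above is typically handled by upgrading each record the next time its owner logs in. The following is an added sketch of that pattern, not Kickstarter's code: the record format, the round counts and the function names are assumptions, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, which is not in the standard library.

```python
import hashlib
import hmac
import os

LEGACY_ROUNDS = 1000      # assumed iteration count for the old SHA-1 scheme
PBKDF2_ROUNDS = 100_000   # assumed work factor for the replacement KDF


def legacy_sha1(password, salt, rounds=LEGACY_ROUNDS):
    """Old scheme (assumed shape): per-user salt, SHA-1 applied repeatedly."""
    digest = hashlib.sha1(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return "sha1${}${}".format(salt.hex(), digest.hex())


def modern_hash(password, salt=None, rounds=PBKDF2_ROUNDS):
    """New scheme: slow KDF with a fresh random salt stored in the record."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return "pbkdf2${}${}${}".format(rounds, salt.hex(), dk.hex())


def verify_and_upgrade(password, stored):
    """Return (ok, new_record). new_record is set only when a legacy hash
    verified and should be replaced in the user database."""
    scheme, *parts = stored.split("$")
    if scheme == "sha1" and len(parts) == 2:
        expected = legacy_sha1(password, bytes.fromhex(parts[0]))
        ok = hmac.compare_digest(expected, stored)  # constant-time compare
        return ok, (modern_hash(password) if ok else None)
    if scheme == "pbkdf2" and len(parts) == 3:
        expected = modern_hash(password, bytes.fromhex(parts[1]), int(parts[0]))
        return hmac.compare_digest(expected, stored), None
    return False, None  # unknown record format: reject


if __name__ == "__main__":
    old = legacy_sha1("correct horse", os.urandom(8))  # constructed record
    ok, upgraded = verify_and_upgrade("correct horse", old)
    print(ok, upgraded.split("$")[0])
```

Records whose owners never log in again keep the weaker SHA-1 hash, which is one reason a breach response also asks every user to set a new password.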

How Hackers Changed The World – Anonymous – We Are Legion

How Hackers Changed the World – We Are Legion is a documentary about Anonymous released by the BBC. It goes in depth describing cyber attacks on targets such as the Church of Scientology, PayPal, Amazon, Visa, Mastercard and world governments, carried out in order to shame them for their shady actions. Anonymous attacked online payment providers when they boycotted WikiLeaks, and helped to provide black-market Internet connections to disseminate information coming out of the Egyptian protest movement.
According to Wikipedia, Anonymous is a loosely associated international network of activist and hacktivist entities. The group became known for a series of well-publicized publicity stunts and distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites. You can find more details about the hackers group called Anonymous here.