Sunday, January 15, 2012

International Conference on Cyber Security (ICCS) 2012 : Protecting the Cyber World



Since 2007, the ZeuS Trojan has infected almost 4 million computers in the United States alone. It can collect data on forms and documents, take screenshots, steal passwords, and give remote access to the host computer. Financial losses due to the ZeuS Trojan are estimated at up to $60 million. What’s really worrisome, however, is that ZeuS can change its signature and avoid detection by current antivirus solutions. According to Deloitte & Touche LLP principal and ICCS 2012 speaker Rich Baich, there are at least 26 known variants of the ZeuS Trojan, but there may actually be hundreds that haven’t yet been identified.
The third annual International Conference on Cyber Security: A White Hat Summit (ICCS 2012), a joint effort between the Federal Bureau of Investigation and Fordham University, brings together global leaders from law enforcement, industry and academia at Fordham’s Lincoln Center campus from January 9 through 12, 2012. ICCS 2012 will be an unparalleled opportunity for a first-hand look at critical intelligence on cyber crime and security—including details of real life operations. The conference will include three days of lectures, panel discussions, sponsor presentations, exhibitions, and exceptional networking opportunities.
Among the experts presenting at ICCS will be:
  • Howard A. Schmidt, special assistant to the president and cybersecurity coordinator: keynote address;
  • General Keith B. Alexander, commander, U.S. Cyber Command, director, National Security Agency/Central Security Service, will deliver the special keynote address;
  • Thomas Ryan, co-founder and managing partner, Provide Security: When Hackers Attack: Protecting Your Online Identity;
  • Giovanni DiCrescenzo, Telcordia Technologies: Private Information and Cryptography—How Private is It?;
  • Angelos Stavrou, professor of computer science, George Mason University: Smart & Mobile Devices in Foreign Wars: Locking Down Linux, Software Apps, and Communications;
  • See the ICCS program for more details: http://www.iccs.fordham.edu/program/2012-program-schedule
PRESS CREDENTIALS—All journalists will be required to submit a valid government ID and proof of employment/assignment (ID or letter) from their respective outlets. Holders of NYPD Press Credentials should also submit those. All photographic, audio and video equipment will be checked by security before admission to the venue (journalists should arrive 15 minutes in advance of the session(s) they want to attend to allow for checks).
Founded in 1841, Fordham is the Jesuit University of New York, offering exceptional education distinguished by the Jesuit tradition to approximately 14,700 students in its four undergraduate colleges and its six graduate and professional schools. It has residential campuses in the Bronx and Manhattan, a campus in Westchester, the Louis Calder Center Biological Field Station in Armonk, N.Y., and the London Centre at Heythrop College in the United Kingdom.
Contact:
Bob Howe, Fordham University
(212) 636-6538, howe@fordham.edu
Visit http://www.iccs.fordham.edu/ for more details on ICCS 2012, including a full schedule.

Israel treating hackers like terrorists



The message from Deputy Foreign Minister Dany Ayalon, which came after a self-defined "Saudi hacker" from a cabal known as "group-xp" published details of more than 6,000 Israeli credit cards online, was that "The US has announced that any attack on its cybernetic space would be considered a declaration of war and that it would go as far as firing missiles to respond to such an attack. This is a good criterion for us all".

Israel said that it will respond to cyber-attacks in the same way it responds to violent terrorist acts, by striking back with force against hackers who threaten the Jewish state.

Almost immediately after an Israeli computer expert declared the hacker's true identity to be 19-year-old Mexican waiter Omar Habib, the Israeli website Ynet claimed the real hacker contacted them via email to mock the false identification.

“If a stupid student thinks he can find me (within) 8 hours of work, what will Mossad do? But I'm still here and no one can find me, make sure, no worries,” said Saudi hacker 0xOmar.

"It is necessary to send a message to everyone who attacks or tries to attack Israel, including in cyberspace, that they are putting themselves in danger and that they will not benefit from any immunity against reprisal actions from Israel," Ayalon said.

After examining the details, Israel's major credit card companies said only 14,000 valid cards had been exposed.

A Diamond in the rough – Arfa Karim.


When you hear the name “Arfa” you think of what it stands for: it stands for “greatness”, and that is what people around the world know Arfa Karim as, a young girl who stood as a pinnacle example of greatness and nothing less. She was the light of hope in our otherwise dark abyss.
In what can simply be described as a tragic loss for Pakistan, Arfa Karim passed away on Saturday night, 14th of January 2012, at the age of sixteen, after suffering an epileptic seizure and cardiac arrest. She had been admitted for 26 days in intensive care at the Combined Military Hospital (CMH) Lahore.

Born in 1995, Arfa Karim was the youngest Microsoft Certified Professional (MCP); she was given the honor of the World’s Youngest Microsoft Certified Professional in 2004, when she was only 9 years old. Bill Gates, the Chairman of Microsoft, invited Arfa to visit the Microsoft Headquarters in the US at the age of 10.

Soon after, Arfa was also honored by the Pakistan Government with the Fatima Jinnah Gold Medal in the field of Science and Technology in August 2005, which she received from former Prime Minister Shaukat Aziz. She was also honored with the Salaam Pakistan Youth Award, which has been set up by our own Nobel laureate Dr. Abdus Salam, in the same year. In addition, Arfa even won the Presidential Award for the Pride of Performance.

Arfa represented her country Pakistan in a variety of international forums; she was also invited as an honorable guest by the IT professionals of Dubai for a two-week stay. During that trip, Arfa was awarded a number of medals and awards by various tech societies and computer companies in Dubai.

And as if that wasn’t enough, proving that the sky is the limit, Arfa perhaps took the phrase literally and at the age of 10 was certified for flying a plane at a flying club in Dubai.
Arfa also participated in Microsoft’s keynote sessions at the Tech-Ed Developers Conference “Get ahead of the Game” in Barcelona in 2006; she was the only Pakistani among 5000 developers at that conference.

Arfa had big dreams for Pakistan: she wanted Pakistan to become one of the top leading countries of the world in the field of Science and Technology, and she wanted to create a Digicon Valley in Pakistan, similar to the Silicon Valley in India.
I believe that Arfa hasn’t gone; she still lives in our hearts, and always will.

She’ll Meet You at the Gate

© Barbara Bailey (re-written by Mir Alidanish Ellahi)
“A beautiful garden now stands alone,
missing the one who nurtured it till it was fully grown,
But now she is gone,
Her flowers still bloom, and the sun it still shines,

Yet we’re so ignorant that we wait for a sign,
the rain is like tear drops, from the ones left behind,
The weeds lay waiting to take the gardens beauty away,
But the beautiful memories of its keeper are in our hearts to stay,
she loved every flower even some that were weeds,
So much love she would plant with each little seed,
But just like her flowers she was part of Gods plan,
So when it was her time he reached down His hand,
He looked through the Garden searching for the best,
That’s when he found Arfa, it was her time to rest,
It was hard for those who loved her, to just let her go,
But God had a spot in his garden, that needed a gentle soul,
So when you start missing Arfa, remember if you just wait,
When God has a spot in his garden, She’ll meet you at the gate….”

Arfa Karim truly a diamond in the rough.
  Written by: Mir Alidanish Ellahi

Please don't extradite Gary McKinnon

Gary McKinnon, a Scottish systems administrator and hacker who has been accused of what one U.S. prosecutor claims is the "biggest military computer hack of all time" by hacking into the Pentagon, faces an ordeal of terrifying brutality if he is extradited to the United States. America wants to put him on trial, and if tried there he could face 60 years behind bars.


Note : Request to Every Reader ! Please Re-Tweet/Share this article if you want to Support Gary McKinnon in the fight for justice.

The mother of Gary McKinnon has called for her son to stand trial in Britain, claiming attempts to extradite him to the US have destroyed his life. McKinnon claims his motivation, drawn from a statement made before the Washington Press Club on 9 May 2001 by "The Disclosure Project", was to find evidence of UFOs, antigravity technology, and the suppression of "free energy", all of which he claims to have proven through his actions. McKinnon admits the crimes but claims he was looking for evidence of UFOs in the Pentagon.

McKinnon suffers from Asperger’s syndrome, a form of autism which, say campaigners on his behalf, means he is too vulnerable for extradition and should be put on trial in the UK. "What awaits Gary McKinnon if he is actually extradited to the US is unthinkable," said Gary Mulgrew, author of "Gang of One". "Why subject a British citizen to such stress and degradation when they could and should be dealt with here in the United Kingdom?" About Gary Mulgrew's book: Imagine you’re a 35 year old, white, British, middle-class business man sentenced to three years in Big Spring, one of America’s most notorious prisons. You’ve been told that if you get into any trouble, your sentence will be doubled. You’ve just said goodbye to your lawyer. You’re on your own. You are a GANG OF ONE.


McKinnon was arrested ten years ago after allegations he hacked into NASA and Pentagon computers from his North London home, causing £450,000 damage, but he denies causing any damage. He says he spent two years looking for photographic evidence of alien spacecraft and advanced power technology. US authorities want to jail him for up to 60 years. His mother Janis Sharp says her son has lived through ten years of daily terror and his mental health is continuing to decline.

Question asked to Gary McKinnon: What do you think is a suitable punishment for someone who did what you did? He replied, "Firstly, because of what I was looking for, I think I was morally correct. Even though I regret it now, I think the free energy technology should be publicly available. I want to be tried in my own country, under the Computer Misuse Act, and I want evidence brought forward, or at least want the Americans to have to provide evidence in order to extradite me, because I know there is no evidence of damage."

Self Claimed Hacker - Ankit Fadia Hacked by Young Hackers Again and Again !







A self-proclaimed Indian hacker, Ankit Fadia became a favorite target of young Indian hackers in the first week of 2012. In the last week, Mr. Fadia got hacked two to three times by different young Indian hackers. Last week members of Teamgreyhat managed to breach the website of Mr. Fadia, and today another hacker, "Himanshu Sharma", with the code name “нα¢кєя”, hacked the same server on which Ankit's website was hosted.

In this attack these hackers successfully hacked into Ankit Fadia's official site and exposed lots of credentials including sensitive data, student details, database credentials (DB name, user name and password) and much more. Not only was Ankit's website hacked; 2508 other sites hosted on the same server were also hacked, and their databases were dumped by these young hackers.






Ankit Fadia offers Ankit Fadia Certified Ethical Hacker (AFCEH) certificates to those who take his courses on ethical hacking, where he gives lectures on security tools, techniques and methods. Mr. Fadia also appears on national TV on MTV, on a techie show called "What The Hack". Most of the time he claims that he will give a reward to anyone who hacks him (maybe in order to promote himself as the most secure hacker). Well, there are 100's of hackers who hacked Ankit Fadia after this award was announced! So, will Mr. Ankit give these guys a reward, or will he take legal action against them?


Last year Mr. Ankit was also hacked by Indian and Pakistani hackers multiple times using various methods. After being hacked then, why has Mr. Fadia not fixed all vulnerabilities? Is he not aware of all hacking methods? Or maybe he is not able to fix his own website? These questions are being asked by various AFCEH students, who got their hacking certification from Mr. Fadia.

Mr. Himanshu Sharma, at the age of 17, has revealed vulnerabilities for many Fortune 500 companies. He has been listed in the “Hall of Fame” for companies like Google, Microsoft, Facebook, Apple, Samsung, India TV, IIT Bombay, Rediff, Mediafire, Dreamtemplate, TemplateMonster, Channel [V], Pizzahut, Kfc, BBC and Sony, and universities like Stanford University, Virginia University and more.

Why aren’t these young hackers getting any chance to grow ? Why are they not getting a chance to present their talent? Why aren’t they able to help the nation by working for security? Most obviously, these young hackers have much more talent than any other self claimed Hackers. Moreover, Himanshu and all these hackers want to challenge Mr. Fadia on national TV. Well we know that it's a big demand by kids, but they have guts to prove themselves.

Saturday, January 14, 2012

Malware Targets Bank Accounts


‘Gameover’ Delivered Via Phishing E-Mails



Cyber criminals have found yet another way to steal your hard-earned money: a recent phishing scheme involves spam e-mails—purportedly from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank, or the Federal Deposit Insurance Corporation (FDIC)—that can infect recipients’ computers with malware and allow access to their bank accounts.

The malware is appropriately called “Gameover” because once it’s on your computer, it can steal usernames and passwords and defeat common methods of user authentication employed by financial institutions. And once the crooks get into your bank account, it’s definitely “game over.”
Gameover is a newer variant of the Zeus malware, which was created several years ago and specifically targeted banking information.

How Can You Protect Yourself?
- Obviously, make sure your computer’s anti-virus software is up to date.
- Don’t click on e-mail attachments from unsolicited senders. NACHA, FDIC, and the Federal Reserve all say they don’t send out unsolicited e-mails to bank account holders. If you want to confirm there’s a problem with your account or one of your recent transactions, contact your financial institution directly.
- Don’t accept unsolicited jobs online that require you to receive funds from numerous bank accounts and then wire the money to overseas accounts—you could get caught up in a criminal investigation.



How the scheme works: 

Typically, you receive an unsolicited e-mail from NACHA, the Federal Reserve, or the FDIC telling you that there’s a problem with your bank account or a recent ACH transaction. (ACH stands for Automated Clearing House, a network for a wide variety of financial transactions in the U.S.) The sender has included a link in the e-mail for you that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.
After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site—probably in an attempt to deflect attention from what the bad guys are doing.

But that’s not the end of the scheme: 

Recent investigations have shown that some of the funds stolen from bank accounts go towards the purchase of precious stones and expensive watches from high-end jewelry stores. The criminals contact these jewelry stores, tell them what they’d like to buy, and promise they will wire the money the next day. So the next day, a person involved in the money laundering aspect of the crime—called a “money mule”—comes into the store to pick up the merchandise. After verifying that the money is in the store’s account, the jewelry is turned over to the mule, who then gives the items to the organizers of the scheme or converts them for cash and uses money transfer services to launder the funds.
In many cases, these money mules are willing participants in the criminal scheme. But as part of this scheme, we see an increasing number of unsuspecting mules hired via “work at home” advertisements who end up laundering some of the funds stolen from bank accounts. The criminals e-mail prospective candidates claiming to have seen their resumes on job websites and offer them a job. The hired employees are provided long and seemingly legitimate work contracts and actual websites to log into. They’re instructed to either open a bank account or use their own bank account in order to receive funds via wire and ACH transactions from numerous banks…and then use money remitting services to send the money overseas.
If you think you’ve been victimized by this type of scheme, contact your financial institution to report it, and file a complaint with the FBI’s Internet Crime Complaint Center.


The Saudi hacker to Mossad "Don’t waste your time by searching for me"!








In response to the Israeli hackers, the Saudi hacker 0xOmar exposed 200 Israeli credit cards. He described the Israeli hackers as idiots and said that they had published invalid credit cards.

He also asked Mossad, through his website, not to search for him, because they won't catch him. 0xOmar threatened the Israeli people with the exposure of 200 credit cards daily, all of them valid.

Speaking about the latest efforts to locate him, he said, "I've heard from some idiots saying that I am from Mexico, and another said that I am in Riyadh, and last one said that I am from Dubai," and he told Mossad in a message, "don't waste your time."


The Secretary-General of the Committee on Information and awareness of banking in Saudi banks, Tal'at Hafiz, told Arabiya.Net yesterday that Saudi banks have now reviewed all of the data on the accounts declared by the Israeli hacker, some of which were published on websites.

He said that the Saudi banks have reviewed the accounts and found that they do not belong to Saudi banks, but added that care is needed when dealing with shops and commercial sites.

Complete Message by 0xOmar:
Hi
Russian intelligence closed my mail.ru email, so I have created this one. 0xOmar@gaza.net

I saw some stupids said, they've found me, one in Mexico, one in Riyadh, one in Dubai, look, let me explain my method, as I know no one can find me, I easily explain it:

I create an exploit page using a browser based exploit, I email URL and put hidden iframe to my exploit page, I infect a lot of PCs around world with my bot, my bot is coded in C++ all by myself, it has a functionality in addition to all features of other bots, it has an encrypted SOCKS5 protocol, I can see live bots in my administrator server, I use them to connect to other and from there to another and ... I do it sometimes 2 times, sometimes 4 times, it depends on my hurry. ISPs don't store details of connections on those ports, so don't waste your time, it's for Mossad.

I use a really complicated hand-made method for hiding myself, so if you reach to Dubai, Mexico, Riyadh, Minsk, Helsinki, New York, Tel-Aviv, Haifa, Tokyo, Moscow, etc. excellent! You found one of my poor victims.

Ok? Enough said? So stop telling my bots location to media and infecting media with false details.

My other message is to Gazza hackers who have hacked stupid Dany Ayalon's website and put a foot on his face and sent me a message.

From here, I invite all hackers of world from Islamic world to come together, it's not matter what you think, I invite all Muslim hackers to unite against Israel, the big enemy of all Muslims.

I invite all Arab-Muslim Hackers to unite against Israel and join this war. I also invite great Turkish hackers which hack a lot of websites daily and notify them to zone-h. Do you remember Gaza flotilla raid? Do not stay silent as you didn't stay before, let's do something in return. Let's fight for ourselves, for what we believe.

I invite all Muslim hackers to fight in two methods:

a) Hack Israeli military, intelligence and their contractors to extract sensitive and hidden information and publish them in internet. It could be even Israeli people data like what I did to credit cards

b) Hack Israeli important sites and publish your message on them

I shout to Israeli authorities and people, you are not safe from me and Muslim hackers. We'll fight all of our live against Israel, we'll harm you in any way we can.

From now, I shout to all Israeli people, daily I'll publish 200 credit cards of Israeli people. All people who's interested in fresh working credit cards, join our movement, subscribe to our page to receive daily 200 credit cards. Using this method, Israeli banks shred all sites in a day and people will be able to purchase all they want.

So my last message to world, let's destroy Israel and have a free Palestine without enemies.

Poor stupid asshole Israeli hackers, they killed theirself, they did their best and published 200 not working expired wrong name without CVV cards, that's nothing

I'll publish daily 200 with all details 100% working cards.

Don't force me to publish more per day

Chinese hackers deploy Sykipot Trojan targeting smart card readers used by U.S




 
Chinese hackers have deployed a new cyber weapon that is aimed at the Defense Department, the Department of Homeland Security, the State Department and potentially a number of other United States government agencies and businesses, security researchers say. A new version of the Sykipot Trojan is targeting smart card readers made by ActivIdentity, a company that provides authentication software to several high-profile agencies and businesses around the world.

According to researchers at Campbell, Calif.-based AlienVault, these attacks originate from servers in China with what appears to be the purpose of obtaining information from the defense sector: the same sector that makes extensive use of PC/SC X.509 smartcards for authentication. Smartcards have a long history of usage in the defense sector, for both physical and information access management, and historically have merely forced attackers to route around the smartcard authentication system through other, more vulnerable attack vectors.


Traces of Sykipot malware have been found in cyberattacks dating back to 2006, but AlienVault’s researchers say this is the first time Sykipot has compromised smart cards. The government uses smart cards to supplement employee passwords, which have proven easy to crack. By cracking smart cards, hackers eliminate the final hurdle between themselves and some of the government’s most sensitive information.

The new variant has interesting features that allow it to effectively hijack DOD and Windows smart cards. This variant, which appears to have been compiled in March 2011, has been seen in dozens of attack samples from the past year. Previous Sykipot strains have been traced to command-and-control servers in China, and the researchers said they discovered Chinese characters in a small snippet of code in this latest strain.

Android mobile internet tethering becomes undetectable by carriers

When the idea arose that your smartphone’s data connection could be shared with your laptop at no additional charge, everyone seemed to be on board. Over the past year, carriers have started charging extra for this and have struck down all attempts by apps to sidestep the process, until now.

Koushik Dutta, aka Koush, one of the most well-known hacker/developers in the world, has created a non-market app that lets you use your smartphone as an internet hotspot without adding costs beyond what that data would cost you on the smartphone on its own. And it’s completely (nearly) undetectable by carriers.

"Over the last month, I've been working on a new app. Tether Alpha is a USB tether solution for Mac, Windows, and Linux that allows you to use your phone's data connection to get internet access on your desktop or laptop," Koushik Dutta said.

"I am intentionally not providing any installation instructions, because I feel that if the app can't be set up without installation instructions, I have failed to make it easy enough to use. ;)"

ClockworkMod Tether is an alpha application that enables wireless tethering on Android devices. The difference between this and most other solutions is that it:
-- Doesn’t require the phone to be rooted
-- Doesn’t require a monthly tethering plan from your carrier
-- Will supposedly not be detectable by carriers thanks to a workaround to be implemented.

Download links:
Mac: http://download.clockworkmod.com/test/tether-mac.zip
Linux: http://download.clockworkmod.com/test/tether-linux.tgz
Windows: http://download.clockworkmod.com/test/TetherWindowsSetup.msi

The above links should automatically install the Android portion if you have USB debugging enabled on the phone, but if something goes awry, here's the Android APK, Get Here.

Koushik Dutta said future releases may include a Bluetooth version, as well as better client apps for all supported operating systems.