Your daily source of Pwnage, Policy and Politics.


Episode 616 – Weekend Wrap-up with Dr. b0n3z

InfoSec Daily Podcast Episode 616 for March 10, 2012.  Tonight's podcast is hosted by Dr. Bonez and Themson Mester.

Guests: aricon, connection, spridel and oncee

 

Announcements:

How to Rob a Bank in 30 Days or less
When: March 14th 2012
Where: http://securityzone.co/webinar-en.html
Sign up for the webinar that will probably get b0n3z on that watchlist

Social Engineering Training
When: July 21-24, 2012
Where: Black Hat Vegas
When: August 20-24, 2012
Where: Bristol, UK
When: November 12-16, 2012
Where: Columbia, MD
http://www.social-engineer.com/social-engineer-training

InfoSec Southwest
When: March 30-April 1
Where: Austin, TX
http://www.Infosecsouthwest.com

Linuxfest Northwest 2012
When: Saturday, April 28th-29th, 2012
Where: Bellingham Technical College – Bellingham, WA
http://www.linuxfestnorthwest.org/
CFP now open!

AIDE 2012
When: May 21-25, 2012
Where: MU Forensic Science Center
Huntington, West Virginia
http://aide.marshall.edu

LayerOne 2012
When: May 26-27, 2012
Where: Clarion Hotel – Anaheim, CA
http://www.layerone.org
CFP now open!

 

Security 504: Hacker Techniques, Exploits & Incident Handling – Matt Romanek
When: June 20 – 27, 2012
Where: Courtyard Seattle Federal Way, WA
http://www.sans.org/mentor/details.php?nid=28014

Inside and Out of the Social-Engineer Toolkit (SET)
When: July 21 – 22, 2012
When: July 23 – 24, 2012
Where: Black Hat Vegas
http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_social_engineer_toolkit.html

Defcon 20
When: July 26-29, 2012
Where: Rio Hotel and Casino – Las Vegas, NV
http://defcon.org/
CFP & Room reservations now open!

DerbyCon 2012 – The “Deuce” Reunion
When:  September 27-30, 2012
Where: Louisville, KY
http://www.derbycon.com

Thanks to everyone that has purchased products from Amazon through the affiliate program.  If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.


 

Stories


Source: http://www.infosecisland.com/blogview/20648-The-Jesters-QR-Code-Pwns-Targets-with-WebKit-Exploit.html

Anti-jihadi hacker and Anonymous/AntiSec/LulzSec nemesis The Jester (th3j35t3r) claims to have pulled a fast one on some undesirables, taking advantage of the target's curious nature and a known smartphone exploit.

"It was a highly targeted and precise attack, against known bad guys, randoms were left totally unscathed," The Jester blogged.

The operation was intended to snare unsuspecting targets The Jester had previously identified and aggregated in a database, while supposedly leaving non-targets unscathed.

"At the beginning of this week just hours before the news of Hector Monsegur’s arrest broke, many of you will have noticed that my twitter profile pic changed from the usual ‘Jester Mask’ to a QR-Code. The timing of this subtle change could not have been more favorable," Jester wrote.

Source: http://www.techdirt.com/blog/wireless/articles/20120308/03410718033/court-confirms-that-police-dont-need-warrant-to-do-limited-search-mobile-phone.shtml

In a court ruling that came out a little while ago (just catching up now), Judge Richard Posner took the lead in an appeals court ruling that effectively reaffirmed the idea that police don't need a warrant to search mobile phones as they're arresting someone. Of course, this general concept is not new and I've discussed my concerns about police being able to search phones without a warrant in the past — but this particular ruling does seem pretty limited. While Posner notes some of the bigger questions, he basically compares the phone to a diary, and focuses on the mere searching of basic data, like the address book, to suggest this particular search was limited, and doesn't raise any significant 4th amendment issue.

Source: http://torrentfreak.com/police-plans-to-raid-the-pirate-bay-120309/

More than half a decade after Swedish police officers first raided The Pirate Bay, there is talk that a second police raid against the world’s most famous torrent site is in the planning. The Pirate Bay team has learned that local authorities have acquired warrants to take action against the site, and expect that both servers and the new .se domain name may be targeted soon.

Today, the Pirate Bay team has informed TorrentFreak that a second raid is being prepared by the Swedish authorities. The site’s operators, who are well-connected in multiple ways, learned that a team of Swedish investigators is gearing up to move against the site in the future.
The suspicions were also made public by The Pirate Bay a few minutes ago.

“The Swedish district attorney Fredrik Ingblad initiated a new investigation into The Pirate Bay back in 2010. Information has been leaked to us every now and then by multiple sources, almost on a regular basis. It’s an interesting read,” the Pirate Bay crew notes.

Source: http://news.softpedia.com/news/Duqu-Framework-Coded-in-Unknown-Programming-Language-257343.shtml

 

F Sharp, Iron Python, CPLEX LIB, High-Level Assembly, LISP, Erlang are just a few of the names of programming languages in which Duqu’s framework could be written. It’s uncertain yet which one it is, but one thing is clear, the malware’s framework looks different from anything else previously analyzed by Kaspersky experts.


The researchers determined that Duqu’s Payload library (DLL) looks like a common Windows PE DLL compiled in Microsoft’s Visual Studio 2008.

“The entry point code is absolutely standard, and there is one function exported by ordinal number 1 that also looks like MSVC++,” Kaspersky Lab Expert Igor Soumenkov said.

“This function is called from the PNF DLL and it is actually the 'main' function that implements all the logics of contacting C&C servers, receiving additional payload modules and executing them.”

However, the way this logic was programmed and the tools that were utilized are mindboggling. The only certain thing is that it's an object-oriented programming language.

Source: https://www.adafruit.com/badges

Welcome to our BETA! Adafruit offers a fun and exciting "badges" of achievement for electronics, science and engineering. We believe everyone should be able to be rewarded for learning a useful skill, a badge is just one of the many ways to show and share. Our physical badges and stickers are for use with educators, classrooms, workshops, Maker Faires, TechShops, Hackerspaces, Makerspaces and around the world to reward beginners on their skill building journey! Our digital skill badges are the start of what Ladyada (Limor Fried) and the Adafruit team think might be "Scouts 2.0". We'll have an API and more fun stuff later so everyone can join in, easy ways to make this part of a social network profile and more (XML feed for now). We hope you enjoy the first round of students and young persons who we've awarded badges to. If you know a young person who has done something amazing and shared their projects let us know! To see the "leaderboard" click here!

Source: http://www.fbi.gov/newyork/press-releases/2012/six-hackers-in-the-united-states-and-abroad-charged-for-crimes-affecting-over-one-million-victims
Source: http://arstechnica.com/tech-policy/news/2012/03/report-lulzsec-leader-sabu-worked-with-fbi-since-last-summer.ars
Source: http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/
Source: http://www.foxnews.com/scitech/2012/03/06/exclusive-inside-lulzsec-mastermind-turns-on-his-minions/
Source: http://www.foxnews.com/scitech/2012/03/06/exclusive-unmasking-worlds-most-wanted-hacker/
Source: http://arstechnica.com/tech-policy/news/2012/03/great-personal-danger-inside-hacker-sabus-guilty-plea-hearing.ars

The hacker known as "Sabu" inspired fear in corporations and loyalty from his LulzSec/Anonymous associates, but when he showed up in a Lower Manhattan federal courtroom on August 15, 2011, he was a humbled man.
Hector Monsegur was there to plead guilty to 12 counts of hacking, bank fraud, and identity theft. Only 27 years old, he was facing a possible sentence of 122 years in prison for the charges—and he was also wanted in California (in two separate judicial districts), Virginia, and Georgia. The case was critical for the government; the US Attorney for the Southern District of New York, Preet Bharara, personally attended the hearing.
Monsegur had been arrested by FBI agents back in June after they had linked Monsegur to the "Sabu" name; agents found him operating out of a modest sixth-floor apartment in public housing. Neighbors had long complained about the noise and revelry from his apartment, which often went on all night long.
By August, Monsegur had agreed in principle to a plea deal with the government. He now feared for his own safety. The government, first his foe, became his protector; after all, his enemies had already correctly identified him in various Internet postings. The guilty plea hearing therefore took place in a sealed courtroom "in light of the danger to defendant," said Judge Loretta Preska in a transcript of the hearing obtained by Ars Technica.
Monsegur was polite, saying little but "Yes" and "Yes, your honor" as the judge ensured that he was making a plea voluntarily, and that it was in his best interests to do so. The deal on offer was "a little unusual," as Assistant US Attorney James Pastore told the court. It was a "global" plea deal that applied not just to the charges brought by Bharara and his staff, but by any charges that might be filed by the other 93 US Attorneys in the country.
Monsegur would agree to help the government make its case against his former associates and he would plead guilty to a string of offenses. The government would ask for leniency, but Monsegur was guaranteed a minimum two year prison sentence, and he agreed to pay restitution. The plea deal did not cover any criminal tax violations; if Monsegur had screwed the IRS, he was on his own.

Confession

The agreement was acceptable to the court, but the judge had one further question. "And do I understand that you are offering to plead guilty because you are in fact guilty?" Monsegur answered a short "yes." And with that, it was time to confess on the record.
"Tell me what you did, sir," said Judge Preska, and Monsegur began.
All of the illegal conduct I am about to admit took place between 2010 and 2011. All of the conduct also involved the use of a computer located in Manhattan. I was not authorized to gain access to any of the computer systems involved in my offense conduct. For the conduct referred to in Counts One to Eight it was my intent to cause damage to these systems. As a result of this conduct, damages of $5,000 occurred in each instance…
I agreed with others to participate in a scheme, and I personally participated in a DoS attack on computer systems, PayPal, MasterCard, and Visa. I also participated in those attacks against computer systems of Tunisia and Algeria. In addition, I attempted to obtain information from the EAGLE server of Zimbabwe. I knew my conduct was illegal…
I agreed with others to participate in the scheme and personally participated in obtaining access to a PBS Web site and defaced it…I also participated to gaining access to computer systems used by Sony Pictures and stole confidential information… I also participated in a cyber attack on the systems of Infraguard-Atlanta… I agreed with others and personally participated in cyber attacks on the systems of HBGary and Fox resulting in a loss of more than $5,000, and I knew my conduct was illegal.
And so it went, down the list of known and suspected hacks. One surprise emerged.
"I gained unauthorized access to the computer systems of an auto supply company with the intent to defraud the company," Monsegur admitted, "and fraudulently caused about $3,456 worth of automobile motors to be shipped to myself. I knew the conduct was illegal."
He also admitted to using stolen credit card numbers to "pay my own bills" and to obtaining "names, Social Security numbers, and addresses of [bank] accounts and account holders."
Some of this involved hacking; some did not. After a moment of confusion, the judge asked Monsegur to clarify how he had obtained bank account information and Social Security numbers.
"I downloaded the PDFs of TurboTax returns that were publicly accessible over Google, and that's it," he responded. "And due to the downloading of the PDFs, I had access to the bank account information, Social Security numbers, names, and all of that."

"Great personal danger"

With that, the hearing came to a close, but it would leave no record in the court's official docket. Not only were all documents around the case sealed, but the case itself was subject to "delayed docketing." As the judge noted in her final remarks, "the facts here are sufficiently unique that it is possible that the defendant could be identified and, thus, be in great personal danger."
As Monsegur left the courthouse and stepped out into Pearl Street's August heat, he had a new secret—one that he would have to keep for the next seven months until his betrayal splashed onto the front pages of newspapers around the world.

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.