AL leader hacked by rival party men

A local leader of ruling Awami League (AL) was hacked allegedly by his rival party men in Amtoli area under Sundarganj upazila on Monday night.

Critically injured Chandan Kumar, 45, assistant office secretary of Sundarganj upazila unit of AL, is now undergoing treatment at Rangpur Medical College Hospital.

Quoting witnesses, police said a gang of 8/10 men, equipped with sharp weapons, attacked Chandan when he reached Amtoli area around 7:30pm.

He was admitted to the upazila health complex and then shifted to the hospital.

Shajedul Islam, organising secretary of the unit, blamed supporters of local lawmaker for the heinous attack on Chandan as he always stand against his illegal acts.

At a protest meeting, Bamondanga union unit of the party demanded immediate arrest and exemplary punishment of the attackers.

No case was filed in connection with the incident as of filing of this report at 6:00pm yesterday.


Contacted, Ashrafuzzaman, officer-in-charge (Investigation) of Sundarganj Police Station, said additional police have been deployed in the area to avert further untoward situation.

Teen Who Hacked CIA Email Is Back to Prank US Spy Chief

One of the “teenage hackers” who broke into the CIA director’s AOL email account last year hasn’t given up targeting government intelligence officials. His latest victim is the Director of National Intelligence James Clapper, Motherboard has learned.

A group of hackers calling themselves “Crackas With Attitude” or CWA made headlines in October, hacking into CIA Director John Brennan’s email account and apparently getting access to several online tools and portals used by US law enforcement agencies.The hackers’ exploits prompted the FBI to issue an alert warning government officials of their attacks.

One of the group’s hackers, who’s known as “Cracka,” contacted me on Monday, claiming to have broken into a series of accounts connected to Clapper, including his home telephone and internet, his personal email, and his wife’s Yahoo email. While in control of Clapper’s Verizon FiOS account, Cracka claimed to have changed the settings so that every call to his house number would get forwarded to the Free Palestine Movement. When they gained notoriety last year, Cracka and CWA claimed their actions were all in support of the Palestine cause.

“I’m pretty sure they don’t even know they’ve been hacked,” Cracka told me in an online chat.

But Brian Hale, a spokesperson for the Office of the Director of National Intelligence, confirmed the hack to Motherboard on Tuesday.

“We’re aware of the matter and we reported it to the appropriate authorities,” Hale said, declining to answer any other questions on the record. (The FBI did not respond to a request for comment.)

Cracka, or whoever is pretending to be him, taunted authorities on Twitter (the hacker used a new Twitter account, not the same one he used at the time of the Brennan hack. But the hacker also is in control of a chat app account who’s been using to communicate with me since last October).

Cracka provided me with what he claimed to be Clapper’s home number. When I called it on Monday evening, I got an answer from Paul Larudee, the co-founder of the Free Palestine Movement. Larudee told me that he had been getting calls for Clapper for the last hour, after an anonymous caller told him that he had set Clapper’s number to forward calls to him. Larudee said that one of the callers said he was sitting in Clapper’s house next to his wife.

According to public records, the phone number does belong to James Clapper’s household. Cracka also provided another number, a cellphone, which he said belonged to either Clapper or Clapper’s wife, Susan. When I called, a woman picked up and I asked if this was Susan Clapper. The woman responded that Susan wasn’t there, but that she’d tell her to call me back. But nobody ever did.

Cracka also claimed to have gotten into Susan’s Yahoo email account, as well as Clapper’s email account. He provided a series of screenshots to prove he had control of their Verizon FiOS account, as well as Susan’s Yahoo account. Motherboard couldn’t independently verify the authenticity of the screenshots.

The hacker also sent me a list of call logs to Clapper’s home number. In the log, there was a number listed as belonging to Vonna Heaton, an executive at Ball Aerospace and a former senior executive at the National Geospatial-Intelligence Agency. When I called that number, the woman who picked up identified as Vonna Heaton. When I told her who I was, she declined to answer any questions.

“A journalist? Oh my gosh” she said, laughing uncomfortably. “I have somebody on the line, I’m sorry, I have no insight into that. But that’s really unfortunate, have a great day.”

“I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine.”

Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, said that this looks “more of a social engineering hack than a real hack,” but also added that “every serious hack starts with social engineering.”

Adams also said that it’s “insane” that Clapper doesn’t do more to hide his home address and phone number (both can be found with a Google search).

“If I’m the Director of National Intelligence of the United States of America nobody is going to know where the fuck I live, nobody is going to have my goddamn phone number or address address,” Adams told me in a phone interview.

On Tuesday, Cracka asked me not to name him in the article, saying he “doesn’t like the attention.”

“You Asked why I did it,” he added. “I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine.”

Data security firm predicts ISIS will emerge as a hacking force

A Milwaukee cyber security software firm has made predictions for potential computer attacks in the U.S. and the forecast is downright scary.

Among the predictions issued Tuesday by PKWare, a provider of what it markets as “smart encryption” software:

■ISIS will breach a major corporation. “We believe that ISIS will dramatically increase their cyber capabilities to target corporate America and other vulnerable Western entities and organizations,” PKWare said in a statement discussing its predictions.

■A U.S. presidential campaign will be hacked: “Political campaigns have mountains of unsecured data that is ripe for hacking,” according to the PKWare statement. “As a result, we believe a U.S. presidential campaign will experience a major cyber-attack before the general election in November.”

■The U.S. electric grid will be attacked. PKWare isn’t the only one forecasting such an attack. “…So many attackers have stowed away in the systems that run the U.S. electric grid that experts say they likely have the capability to strike at will,” the Associated Press reported in December.

PKWare, which invented the .ZIP file compression standard, is also predicting:

■U.S. law enforcement will be breached. “From body cameras to police databases, cyberattacks against law enforcement could become widespread in 2016,” according to the company’s statement.

■Healthcare devices will be compromised. “With the rise of connected devices in the healthcare industry, it is inevitable that we will see a rise in cyber-attacks against the medical community,” PKWare said in the statement.

“With over 30,000 businesses and 200 government entities as our customers, we have a unique view into future staging grounds for attacks,” said V. Miller Newton, PKWare CEO and president, in the statement. “Based on what we’re seeing right now, 2016 will see significant and dynamic cyberattacks on American interests.”

“The new generation of attacks aspire to cause widespread disruption and fear, across entire industries, populations and geographies, by exploiting significant gaps in data protection,” Newton added in the statement.

Since the company began making breach predictions in January of 2011, PKWARE says it has been more than 95% accurate in forecasting cyber-attacks on American interests.

“We release our breach predictions twice each year, and we do this as a public service,” Newton said in the statement. “We’re trying to call attention to the fact that these attacks are causing significant damage to our nation – and that they’re largely preventable.

“If we’re going to win today’s emerging cyberwar, our government, businesses and citizenry must get serious about protecting our data.”

Cyber Threats 2016: Killer Robots, US Presidential Race, Critical Infrastructure, Mobile Payments …

As cybercrime evolves to blur and 2016 may see hackers rise in prominence as they target individuals, governments, businesses and connected devices to steal data, knock competitors offline and, in some of the most extreme cases, cause real-world damage that could lead to fatalities.

As consumers increasingly store everything from money to memories in the cloud, criminals are similarly putting their resources and efforts into targeting online networks. During the past 12 months we have seen hugely embarrassing data breaches like the one on adultery-promoting site Ashley Madison and at the U.S. Office of Personnel Management. We also saw connected devices — including guns and cars — being hacked, and the emergence of a new and highly-sophisticated hacking team called Equation Group, which was uncovered by researchers at Russian security company Kaspersky Lab and subsequently linked to the NSA .

International Business Times truned to some of the world’s foremost experts on cybersecurity to outline eight of the biggest threats and trends that may emerge over the next 12 months:

U.S. Presidential Race

David Gibson from Varonis says: “In 2016, a cyberattack will strike the campaign, causing a major data breach that will expose donors’ personal identities, credit card numbers and previously private political preferences.”

Besides facing their own cybersecurity threats on the campaign trail, the candidates will also be discussing cybersecurity as it relates to battling terrorism — following the Paris and San Bernardino mass  shootings and the encryption debate they ignited.

While many derided Donald Trump’s recent assertion that Bill Gates could help turn off dark sections of the internet where terrorists communicate, his stance hasn’t yet dented his standings in the polls. The GOP front-runner has, however, incurred the wrath of Anonymous hacktivists, who have used crude attacks to knock some of his websites offline in recent weeks — and that’s likely to continue.

OpTrump: Anonymous Target Donal Trump Over Muslim CommentsMembers of the hacktivist group Anonymous have targeted presidential candidate Donald Trump after he called for a ban on all Muslims entering the country. Photo: Getty Images/Sean Rayford

Besides attacks on candidates and campaigns, we’ll likely see cyber criminals exploiting the interest in the race via election-related phishing emails designed to lure victims into downloading malicious attachments or visiting compromised websites.

“Expect lures made to look like political party or candidate email, advocating an online petition or survey about  specific election issues, linking to a supposed news story, or relaying information about voter registration or debates,” security company Websense says in its 2016 Predictions report. 

Year of Extortion

Meanwhile, cyberattackers are getting better at preying on victims’ fears. By tailoring attacks to trigger known anxieties, a cybercriminal has a much higher chance of success. Thus we’ve seen the rise of ransomware, where people are scared into paying a fee to unlock their files rather than reporting the attack to authorities — and in 2016 this trend will continue.

“In 2016, online threats will evolve to rely more on mastering the psychology behind each scheme than mastering the technical aspects of the operation. Attackers will continue to use fear as a major component of the scheme, as it has proven to be effective in the past,” Trend Micro says in its 2016 Security Predictions report.

And attacks can be more precise. In the coming year, criminals will zero-in on specific individuals or businesses with attacks, seeking to undermine their reputation and extort money from them. With some identities now stored almost entirely online, the risk of having your biggest secrets exposed has grown exponentially and in 2016 expect to see criminals take advantage of that.

The Rise of iOS Malware

Before 2015, there was little evidence of successful attacks on devices running Apple’s iOS software, but in the past year we’ve seen a number of significant attacks , including XcodeGhost and YiSpecter.  And while the ecosystem remains much safer than Google’s Android OS, 2016 could see attack levels increase significantly.

App Store XcodeGhost MalwareApple has removed malicious apps from its App Store in what is the first major security breach of the company’s software store. Photo: Reuters

The reason for the increase is pretty simple. “If you view attackers as rational economic actors, investment in targeting iOS is logical, given Apple’s growing smartphone market share,” says Kevin Mahaffey, co-founder and CTO of mobile security specialists Lookout.  

While Mahaffey doesn’t see widespread malware attacks taking place from the App Store, criminals will target a very specific subset of iPhone and iPad users: businesses. “We foresee growth in enterprise-targeted iOS attacks given the large amount of data stored on and accessible to enterprise mobile devices and the high prevalence of iOS devices in enterprise environments,” Mahaffey says. 

Rise Of The Killer Robots

With everything from cars to kettles now being connected to the internet, the attack surface for criminals is increasing exponentially, with Trend Micro predicting that in 2016 at least one “consumer-grade smart device failure will be lethal.”

Smart-connected home device shipments are projected to grow at a compound annual rate of 67 percent over the next five years, and are expected to hit almost 2 billion units shipped in 2019 — faster than the growth of smartphones and tablet devices. The problem?  There is little standardization, a wide range of operating systems, and an almost complete lack of regulation for smart devices. While there is no sign of a large-scale hacking attack, the Wi-Fi and Bluetooth networks these devices use will become clogged as gadgets fight for connections. This will, in turn, cause mission-critical tasks to suffer.

“The likelihood that a failure in consumer-grade smart devices will result in physical harm is greater. As more drones encroach on public air space for various missions, more devices are used for healthcare-related services, and more home and business appliances rely on an internet connection to operate, the more likely we will see an incident involving a device malfunction,” Trend Micro’s report says.

Mobile Payments

2015 was the year Apple Pay, Samsung Pay and Android Pay all hit the mainstream. While these provide consumers with a (mostly) fast and efficient way to pay for goods and services, they also offer a huge opportunity for hackers looking to steal people’s money.

Samsung PayOwners of cheaper Samsung phones will soon be able to use Samsung Pay, the company announced. [Pictured: A person demos Samsung Pay on August 13, 2015 in New York City.] Photo: Donald Bowers/Getty Images for Samsung

“As adoption and the types of transactions capable on mobile phones increases, malware authors will also increase their efforts to steal from a digital wallet,” security company Websense claims in its predictions for 2016.

Internet Of Things

While the threat from a smart fridge or a connected lightbulb might be seen as low, when the smart home now consists of internet-connected smart locks and security cameras, the risks posed by hackers increase greatly. “Attackers can exploit the abundance of soft targets in many ways: from running malware that participates in DDoS attacks and spreading spam, to running proxies, scanning other machines, or — in the worst case — acting as a leverage point for compromising all other devices on the local network,” security company Imperva says in its annual predictions report.

While Mahaffey says Internet of Things and wearable devices are still not a priority for cybercriminals — with the exception of industrial IoT (e.g., manufacturing, the smart grid, nuclear facilities) — some predict that 2016 will see the first example of businesses being breached by a wearable:

“With the emergence of wearables in the enterprise, 2016 stands to be the year of the first breach, or network intrusion, caused by a wrist-bound device,” Yorgen Edholm , CEO of Accellion, says. 

Critical Infrastructure

We are only into the second week of 2016 and already we have seen the first — and most worrying — example of what is likely to be a significant threat throughout the next 12 months. A power outage in Ukraine by a Russian hacking group called Sandworm is the first known case of a blackout induced by a cyberattack and could presage a year of significant problems for states around the world.

Ukraine powerA mobile gas turbine generator, which was turned on due to recent power outages after pylons carrying electricity were blown up, is shown in the settlement of Stroganovka, Simferopol district of Crimea, Nov. 22, 2015. Photo: Reuters/Pavel Rebrov

Security company Imperva says it “is only a matter of time before terrorists build cyberweapons” that will attack critical infrastructure. The primary targets for cyberweapons are industrial control systems and, according to Leo Taddeo from Cryptzone, a former special agent in charge of the cyber division of the FBI’s New York office, the same hackers who targeted the power grid in Ukraine have been monitoring similar systems in the U.S.

Traditional security measures such as firewalls and antivirus are not good enough to prevent these attacks, with experts suggesting that tight identity and access management as well as network traffic flow management are critical to preventing the malware from spreading from workstations to vital control systems.

Cyber Insurance

With the proliferation of cyberattacks against the enterprise, one of the biggest trends of 2016 will be companies protecting themselves against the theft of customer data. “The cyber insurance market will dramatically disrupt businesses in the next 12 months,” says Carl Leonard, the principal security analyst at Raytheon Websense Security Labs. “Insurance companies will refuse to pay out for the increasing breaches that are caused by ineffective security practices, while premiums and payouts will become more aligned with the actual cost of a breach.”

In the coming 12 months, the requirements for cyber insurance will become as significant as regulatory requirements, impacting on businesses’ existing security programs, and companies will need to show how their technical solutions have reduced risk. “This is a significant shift from the current paradigm that often highlights implementation over efficacy, and a lot of security vendors won’t be happy,” Mahaffey says.

Fans of UK EDM beat combo Faithless hacked

Hackers have hit Faithless fans in the privacy department

THE WEBSITE of electronic dance music band Faithless has been breached, presumably by people who like folk music or really want to exploit people who like to dance in fields.

Faithless, in case you missed it, has caused hands to go into the air since the 1990s. This week it is more palm to face, as a potential breach may have affected some 18,000 fans. Worse still, especially if those people have Insomnia problems, they are still at risk.

Security firm CyberInt took its concerns about this to The Independent, which reported that the breach was uncovered after membership information popped up for sale on the dark web.

“We have a system that collects cyber threat intelligence in real time, and as part of our work we uncovered a Faithless database being sold on the dark web, and we flagged it up with them,” Elad Ben-Meir, the company’s vice president of marketing, told the paper.

“I think they fixed the issue but they didn’t quite go out and tell anyone that, so that leaves the fans, about 18,000 people, unaware that their private information has been compromised.”

Faithless, described by The Independent as “pioneers in British dance music”, probably has a lot more than 18,000 fans, but these are the ones who have aligned themselves to the official Faithless website.

We checked the site out. It is fancy and automatically plays a song by the band. This is a good thing. We could not see any advice about passwords or the need to change them, and we soon got confused by the music and the bright colours.

We have attempted to engage with representatives from the band over Twitter. We can say the same about CyberInt. We are waiting for responses from both. µ

BlackBerry suffers security blow, emails hacked by Dutch police

A Dutch police unit today revealed that it has been able to decrypt emails sent on BlackBerry smartphones – allowing police to read messages – despite the Dutch government’s stance against encryption backdoors.

More bad news is certainly not welcome for BlackBerry, which prides itself on providing customers with secure devices and is struggling to stay afloat in a world dominated by the likes rivals of Apple and Samsung.

A spokeswoman told the BBC: “We are confident that Blackberry provides the world’s most secure communications platform to government, military and enterprise customers.

“However, we can’t comment on this claim as we don’t have any details on the specific device or the way that it was configured, managed or otherwise protected, nor do we have details on the nature of the communications that are claimed to have been decrypted.”

It is believed that the tests – conducted by The Netherlands Forensic Institute (NFI) – were carried out on PGP BlackBerrys, a device advertised as being specifically aimed at keeping data secure.

Greg Aligiannis, senior director of security at encryption company Echoworx commented:  “This news completely contradicts the Dutch government’s stance against backdoors, and is likely to concern the public – not to mention BlackBerry customers – who have been led to believe that their privacy is a fundamental right within a democrsamatic society. Just because it’s law enforcement decrypting personal communications, this shouldn’t make people feel at ease with the situation. Ultimately, an entrance is an entrance for everyone, including cyber criminals.

“Data privacy has become a much wider talking point with the introduction of the IP Bill. As more countries and government bodies follow suit, the adoption of encryption technologies will ramp up. People will start to feel that there privacy is at risk, no matter the hardware used, and start storing their data outside of the jurisdictions that are snooping on them.”

Image Credit: Shutterstock / Pieter Beens

Leave a comment on this article

SBI, Axis Bank wallet apps hacked to siphon off crores

BENGALURU: City’s cyber-crime police attached to the Criminal Investigation Department (CID) have arrested seven persons including a deputy manager with Axis bank’s Peddapalli branch (Kareemnagar, Telangana) for allegedly hacking the wallet apps of Axis bank (LIME) and State Bank of India (Buddy).

The arrested persons are: G Gopikrishna Niranjan Reddy, deputy manager of Axis bank, 30, G Veerabrahmam, 23, CK Ramana, 27, Nageshwara Reddy, all from Kareemnagar and CS Kiran, 33, CS Padmaja, 35, and N Ramesh, 30, from Srinivasapura, Kolar.

Last year, many Axis bank account holders, mainly from Mysore and Tumakuru in Karnataka, had filed police complaints reporting loss of cash from their accounts.

The case was transferred to the Cyber crime wing of the CID last year. The team finally zeroed in on the accused after tracking their mobile, internet and other devices.

According to police, Nageshwara Reddy along with Veerabrahmam, had obtained duplicate SIM cards of complainant’s registered mobile number with the bank, from Vodafone, BSNL, Aircel and other stores across the state, by submitting fake documents and also changed the plan from prepaid to postpaid. Later, the accused transferred the amount to different mobile numbers using mobile banking and the LIME wallet options of Axis bank and later withdrew the amount from Axis bank ATMs.

Ramesh, Kiran and Padmaraj helped Nageshwara Reddy and his accomplices in obtaining more than 100 fake SIM cards, which were used in committing the crime, the police said.

The mobile services providers issued duplicate sim cards without proper verification of the original user. Reliance has allegedly provided more than 100 SIM cards to the accused, the police said. Following the complaints, Axis Bank has stopped operating its LIME application.

CID IGP Hemanth Nimbalkar said that a special cyber police team has been formed to investigate into the matter. “CID-Dy SP MD Sharath and his team tracked the internet path used by the miscreants to hack the bank accounts. Using the duplicate SIM cards, the accused got new OTP (One Time Password) of nine customers from Karnataka and siphoned around Rs 25 lakhs from their accounts. We suspect that the gang has conned more victims and are continuing the investigation,” he added.