Cat Techie

Tuesday, August 9, 2011

“Cat Techie”


“Cat Techie” book written by vaidehi sachin aka Cat Techie, journalist’s journey in hackers world. Online edition of cat techie available on www.cattechie.com. This is the best book, read and responded with maximum hits. Cattechie is hacker and Journalist.



--- You may write us on cyberterrors@gmail.com

Monday, November 29, 2010

Hacktivism Vs Terrorism


Hacktivism is the act of hacking, or breaking into a computer system, for a politically, socially or motivated by a criminal purpose. The intentions behind hacking are nothing but to harm and damage. The individual who performs an act of hacktivism is said to be a hacktivist. There are many such scavengers are around who never forget to boast their skills of hactivism. Globally there are 4,00000 community of black hat hackers, out of which 70 percent are students and between the age group of 20 to 25, 18 percent are between the age group of 15 to 20, 2percent are above the age of 30, 10 percent are grey hat hackers. And this population is of hactivists. (Read this beautiful research report in Cyber Terror) from this population 22% are only Indians,10 % from Pakistan ( details of these hactivists with pictures, code name, their addresses, and much more read in Cyber Terror)

A hacktivist uses the same tools and techniques as a hacker, but does so in order to disrupt services and bring attention to a political or social cause. For example, one might leave a highly visible message on the home page of a Web site that gets a lot of traffic or which embodies a point-of-view that is being opposed. Or one might launch a denial-of-service attack to disrupt traffic to a particular site. Whether hacktivism is a crime may be debated. Opponents argue that hacktivism causes damage in a forum where there is already ample opportunity for freedom of speech. Others insist that such an act is the equivalent of a protest and is therefore protected as a form of free speech. But in the recent past the best example of hactivism is nothing but the group of Injectors. Injectors are nothing but the black hat hackers, their intention are crood, motto is malicious and skills can be called as destructions on high profile level. But that does not mean all Injector are bad, the exploits should not be published or usage of exploits are always done for wrong reasons. I am not at all against inj3ct0rs. I regard them as most skillful and intelligent hackers. They not only penetrate in to your system or crash fire wall, they even crash your senses and penetrate your brains if you dare to go against them voicing your opinion. They are the powerful mafias and one should be even willing to lose life, because they can get your death near to you by harming physically or mentally.( One of the Hactvist from Pakistan threatened me saying he will create blogs to display my nude pictures on it. I just requested him saying use some good model’s body because I always had fantasy to look in shape with good curves on body. So dear readers if you come across any such blogs don’t forget only the face is mine but not the beautiful body below. This is another example of Hactivism)

Some people describing themselves as hacktivists have taken to defacing websites for political reasons, such as attacking and defacing government websites as well as web sites of groups who oppose their ideology. Within the hacking community, those who carry out automated attacks are generally known as script kiddies. Capacity for solo activity - while most forms of political activism require the strength of masses, hacktivism is most often the result of the power of one, or small group. Is most often carried out anonymously, and can take place over transnational borders. Critics suggest that DoS attacks are an attack on free speech; that they have unintended consequences; that they waste resources; and that they could lead to a "DoS war" which nobody will win. In 2006, Blue Security attempted to automate a DoS attack against spammers; this led to a massive DoS attack against Blue Security which knocked them, their old ISP and their DNS provider off the internet, destroying their business.


Depending on who is using the term, hacktivism can be a politically constructive form of anarchist civil disobedience or an undefined anti-systemical gesture; it can signal anticapitalist or political protest; it can denote anti-spam activists, security experts, or open source advocates. Critics of hacktivism fear that the lack of a clear agenda makes it a politically immature gesture, while those given to conspiracy theory hope to see in hacktivism an attempt to precipitate a crisis situation online. Hacktivism is a portmanteau [jargon] of hack and activism. This leads to a controversy of meaning because both the terms Hacker and Activism are both morally broad terms. Hacking has come to mean both "illegally breaking into computers" and "elegant computer programming". Activism similarly includes both explicitly non-violent action and violent revolutionary activities. which is assumed then hacktivism could be defined as "the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends". These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development. It is often understood as the writing of code to promote political ideology - promoting expressive politics, free speech, human rights, or information ethics. Acts of hacktivism are carried out in the belief that proper use of code will be able to produce similar results to those produced by regular activism or civil disobedience. The recent example is hacking FaceBook like high profile social network. Hacktivismo is an offshoot of Cult of the Dead Cow; its beliefs include access to information as a basic human right, they are the loose network of programmers, artists and privacy in an era of increased technological surveillance.

Hacktivism is a controversial term, and can often be misconstrued as cyberterrorism. What separates hacktivism from cyberterrorism is a distinctly political or social cause behind the "haction". Some argue it was coined to describe how electronic direct action might work toward social change by combining programming skills with critical thinking. Others use it as practically synonymous with malicious, destructive acts that undermine the security of the Internet as a technical, economic, and political platform. But randomly speaking they are the actual threat and terrorist of cyber space. Recently we found prominent links between underworld mafias like D company and Chota Rajan gang and hactivists. They have one common motto … destroy. There is elaborated info about this in Cyber Terror.

The Department of Defense secures its systems using world-class information security standards and layered controls, thanks in large part to an abundance of financial resources. Conversely, corporations have limited security budgets and can be weakened by merger and acquisition activity. Every leader, and every regime, and every movement, and every organization that steps across the line to terrorism must be banished from the discourse of civilized human life.


( The views expressed by the author in the blog are her own, she is not part of any group or team. you may have difference of openion, the best way is leave your comments to say good, bad and ugly about her and this post)


Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

Social engineering- an act of manipulation


 “The term had previously been associated with the social sciences, but its usage has caught on among computer professionals. Social engineering" as an act of psychological manipulation was popularized by hacker-turned-consultant Kevin Mitnick.

Social Engineering is defined as the process of deceiving people into giving away access or confidential information. Wikipedia defines it as: "is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
I keep a simple mindset for this: Any stranger, who is interested in you, wants something from you, and it probably isn't you. This article is about manipulation of individuals. For social engineering in terms of influencing popular behavior, Social engineering has become passion of many hackers. There are many successful hackers they have perfect nag over this subject. To deal with these kinds of physiological attacks you need to have special skills. Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. Social Engineering is tricking people into doing something you want them to, so it's been around since the beginning of time. The person who brought it into common knowledge was Kevin Mitnick one of the most famous hackers in history wanted by the U.S. Marshalls and after a while caught by them. As his parole he couldn't profit from his experience with hacking for ten years meaning he couldn't write any books, but after the ten years he wrote the Art of Deception which is a great book and has great stories of social engineering. The idea of black ops hypnosis, also known as underground hypnosis or covert hypnosis is to manipulate other people using only your mind. The difference between this technique to that of traditional hypnosis is that, you can use black ops on covert occasions. Meaning you can use this technique on any social gathering such as meetings, parties, interviews among others. However in traditional hypnosis, the hypnotist requires an approval to let him manipulate your mind to identify the causes of your problems. There are strategies in order to be an effective mind manipulator. Of the most common technique are the Majors. This is the first black ops hypnosis invented which are comprised of four main strategies: hypnosis, neuro-linguistic programming or NLP, social Engineering, and seduction. The majors are used as a preparation to make other people (persons you are talking to) be manipulated at your own advantage. The strategies listed for the majors are divided into four arts.
These are the following: alpha functions, this is a tactic to make you the Alpha Male or Female in any social gathering through the use of the social engineering; The Iron Man Pattern on the other hand is a technique to achieve humongous chutzpah; The black mirror operation deals more on making the other person like you in a blink of an eye; and lastly, the no cleaver technique is use to let someone into a limbo without him/her knowing about it. In order to be a practitioner of the Black Ops Hypnosis, you can research the Internet or go to your library. There are a lot of hardbound books and digital books that provide information regarding this skill.But in order to achieve definite results, make sure that you are giving your 100% to learn everything regarding this infamous technique. If you are interested in learning hypnosis, I recommend Igor Ledochowski's The Power Of Conversational Hypnosis. Igor is a master of hypnosis and has taught in many seminars. Check out the power of conversational hypnosis review here. The idea of black ops hypnosis, also known as underground hypnosis or covert hypnosis, is to manipulate other people using only your mind. The difference between this technique to that of traditional hypnosis is that, you can use black ops on covert occasions. Meaning you can use this technique on any social gathering such as meetings, parties, interviews among others. However in traditional hypnosis, the hypnotist requires an approval to let him manipulate your mind to identify the causes of your problems. There are strategies in order to be an effective mind manipulator. Of the most common technique are the Majors. This is the first black ops hypnosis invented which is comprised of four main strategies: hypnosis, neuron-linguistic programming or NLP, social Engineering, and seduction. The majors are used as a preparation to make other people (persons you are talking to) be manipulated at your own advantage. The strategies listed for the majors are divided into four arts.These are the following: alpha functions, this is a tactic to make you the Alpha Male or Female in any social gathering through the use of the social engineering; The Iron Man Pattern on the other hand is a technique to achieve humongous chutzpah; The black mirror operation deals more on making the other person like you in a blink of an eye; and lastly, the no cleaver technique is use to let someone into a limbo without him/her knowing about it.
In order to be a practitioner of the Black Ops Hypnosis, you can research the Internet or go to your library. There are a lot of hardbound books and digital books that provide information regarding this skill.But in order to achieve definite results, make sure that you are giving your 100 % to learn everything regarding this infamous technique. Do you think 007 movies employ some social engineering methods in some James Bond missions? Do you know that 89.7% percent of emails coming to you about get rich quick themes are spam? The attacks are no longer just in emails, now the use of images, logos and known company names are employed. The attack exploits vulnerability in 2Wire modems allowing attackers to modify the DNS servers. Mexico is one of the largest suppliers of this type of modem. There are hundreds of thousands of them. That means, more than two million users are at risk. Many attacks are been carried out by means of social engineering, which is the practice of obtaining confidential information by manipulating legitimate users. "Users are the weak link here". Practically, the commonly used methods are achieved via the telephone, web 2.0(social networks), internet etc. The engineers, either claims to be employees of a bank or company, a colleague, a technician or a customer.
is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.While some schemes scam you into giving out social security numbers, bank account numbers or other confidential identity pieces, others are as simple as a pickpocket distracting you emotionally while another thief steals your wallet or purse. Here are what a few of the most widely used savvy cyber attacks look like:
·         Phony charitable phishing scams, many of which are designed to look as if they come from real charities. Always enter in the exact URL for the Charity that you wish to donate to rather than clicking on a link.
·         Urgent email or text notices from your bank. They tell you to click on a link to access your account to fix an important, time sensitive problem. Don’t click on a link via email. Always type in the exact URL of your your bank or call the number on the back of your card. Nothing is that urgent.
·         Nigerian Email Scam. This scam has been around for decades in different versions and states that a wealthy foreigner needs help moving millions of dollars from his homeland and promises a hefty percentage for helping him. This scheme is designed to part you with your money. Once you send a check or bank account numbers you won’t see a dime in return and most victims report losing thousands and hundreds of thousands of dollars to this scam.
·         Notices via email, phone, or mail that announce that You Have Won the Lottery! The message usually claims that you will be paid a large sum of money after you pay them a small amount now. Although this is tempting, just say no. Legitimate lotteries don’t ask you pay anything after you have already won.
·         Facebook or Twitter distress messages from your friends. If you see a friend asking for money and you are considering helping them out, you should ALWAYS call that friend first. Make sure that their account hasn’t been hacked by a thief.
·         Malware-ridden E-cards. It is sad, but true that it is no longer safe to open E-cards. Many contain malware to attack your desktop and gain access to confidential information. Make sure you have updated virus software protection to notify you of viruses that come through emails or the Internet.
·         Make fast cash now! AKA: Make thousands a day working from home! All you have to do is send $50.00 for the starter kit. More often than not people will send their $50.00 and never receive anything in return. This scam has become more popular with our nations high nemployment rate.
These are only a few of the many variations of Identity Theft through Social Engineering. Since social engineering often plays on emotions, you should be careful not to get duped during a tragedy or commemorative event. This is when people are in a mood of giving and their emotions run high.  So remember to stop and think about the possible consequences of an offer that may just be too good to be true. Never be afraid to say no! From a security standpoint, it is more a collection of tools and techniques that range from negotiation, sales, psychology and ethical hacking. While social engineering can include physical security this framework focuses on art of manipulating people to achieve a goal. Generally this goal will involve showing a company or organization where weaknesses may lie with training of their people to maintain a security focused mind. As you will see reading through this framework, the principles can be used in developing and enhancing communications, relationships and our own understanding of those we interact with.

Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

Sunday, November 28, 2010

Love and Social Engineering

A love story on social sites is quite a common game. And, especially in the hackers zone this works like a miracle. Love is literary, philosophical, or some would even say metaphysical. In the history of malware, love is a virus writer whim and a well-known cybercriminal social engineering technique. Social engineering, a non-technical breach of security that relies heavily on human interaction and tricks users into breaking normal security measures, remains popular among virus writers. LoveLetter was one of the first, and most notable, examples of social engineering. It arrived as an attachment to an innocent looking e-mail containing the subject line 'I LOVE YOU' (and who doesn't like to receive a love letter?) and the body text 'Kindly check the attached LOVELETTER coming from me'. In an effort to put unsuspecting users further off their guard, the attachment had a double extension, LOVE-LETTER-FOR-YOU.TXT.vbs. Since Windows Explorer doesn't show extensions by default, it was not obvious that the attachment was anything more than a plain text file. For good measure, Love Letter also used mIRC to spread and downloaded a password stealing Trojan to the infected machine. Successful threats (from the author's point of view, that is) typically spawn further variants. LoveLetter's success, together with the fact that the VBS source code for the worm was easily accessible, led to a large number of variants in the months following its release. Loveletter showed how useful social engineering can be in spreading malware. So it's not surprising that it continues to be widely used. It arrives as an attachment to infected messages which use a range of subject headers, messages and attachment names in English. Some of the messages appear to promise tickets to the World Cup or date with Bollywood actor and who wouldn't want World Cup tickets or Date? Virus writers have been using love as theme in creating malicious codes. Whether this is attributable to the romantic nature of humanity in general or to love’s overwhelming effect on everyone, the creators of viruses would leave love messages, or traces of it, in their codes. The more famous examples include:
VBS_LOVEMONKEY, a 1999 virus that sends email with the message "Dear Nicky... my name is and I want to make hot monkey love with you. You anti-virus stud!"
•In 2000, PE_LOVESONG.998, notable for having the word "love" in its code.
•The Spanish loveletter VBS_VALENTIN.A in 2001, supposedly written by its creator to express his undying love for "Davinia, the most beautiful girl in the world." It writes files and is triggered on Valentine’s Day.
And today probably you don’t require such viruses to get in any system, just by using few expressions, one can easily win over your heart and here the vulnerability to personal info is traced.
Virus creation was necessarily fixated to notoriety. Writers might have also seen it as a medium through which they could express their thoughts to the public. The aim to cause destruction, coupled with the entertainment brought by personal expression, may have led virus writers to make their malicious files in a certain way, love unfortunately of course being everyone’s favourite topic. Poetry and romantic love are eternally linked, even in malware attacks. Virus writers who are preoccupied with using love in malware codes did not vanish altogether. They now belong to a group called script kiddies, which are considered the opposites of sophisticated hackers. Social engineering--the act of manipulating people into doing things they otherwise would not do--is an integral element of Web-based attacks. It would be almost impossible to conceive of a threat that does not try to trick online users into clicking links, downloading and installing files, or visiting dangerous sites. Love as a social engineering technique is most popular in the spamming operations of the botnet giant Storm. Known for taking advantage of every occasion and holiday known to man, Storm sends Christmas e-cards on Christmas, New Year e-cards on or before every first of January, and love e-cards during the Valentines season.The intent is to convert more zombie PCs for the bot, which would then be used for future cybercriminal activities – spamming, scamming, information theft, DDOS attacks.  The first Storm malware to send love greetings was WORM_NUWAR.CQ. The worm family gets its name from its earlier social engineering technique: sending messages about nuclear wars. In Valentines Day 2007, WORM_NUWAR.CQ made a 180-degree turn from its family’s signature technique by replacing war with love. Cybercriminals began sending love-themed malicious messages then onwards.The rise of Web threats also meant a cybercriminal move away from just malicious files and system-based threats to those that exploit the Internet as a platform. Spammed messages continued its massive volume increases and were used vectors not just for malware, but for dangerous URLs and websites as well. Legitimate websites were also compromised to lead users to malicious binaries or sites. Love maintains its status as an effective social engineering technique despite this development. From manually detected malicious URLs (phishing sites, malware download sites) during the Valentines months of January and February, 24% contained the string love, or was crafted to have references to the word.Even emerging threats use similar social engineering techniques. SYMBOS_BESELO.A– a mobile phone malware that spreads through Bluetooth and Multimedia Messaging Service (MMS) – used as file names beauty, jpg, love.rm, and sex.mp3. As cybercriminals continue to exploit the online holes they keep discovering, love would likely remain a standard luring tool. This process becomes, on the one hand, a study in human psychology: it points us to the irresistibility of love in whatever forms it may have in human affairs. On the other hand, love as a social engineering technique again exposes another crucial bug in computing systems:human frailty. The manipulation of social behaviour in an effort to create results that satisfy the opinions of bureaucrats and social managers is what characterizes the form of socialism found in most of the places. As we now enter the 21st Century, the computer age and cyber warfare is in full swing. Companies and organizations are still not fully addressing or understanding the issue of Social Engineering. The concept of Social Engineering can cause destruction to networks and cost companies millions of dollars or rupees. Here, I will try to bring to light exactly how Social Engineering exposes the vulnerabilities of Intrusion Detection Systems and what can be done to protect ourselves against these vulnerabilities.E-Mail: E-mail provides great opportunities for attackers to use social engineering. As stated earlier, each Intrusion Detection System and Anti-virus program requires signatures to capture malicious packets or mail. Because these signatures cannot be developed until the malicious packet/code has been discovered, this gives the attacker time to do his/her work. How many times have you logged in at your ISP and there is an e-mail waiting for you claiming to be from the ISP's customer services division requesting your user name, password and credit card number? Could an IDS system or anti-virus system detect this? That would depend. If this happens all the time then the answer is yes; otherwise, probably not. As technology advances, so will the type of virus we will be encountering. Social Engineering will become a critical part releasing and executing these viruses. The great thing about e-mail is that it only takes one person to open his/her e-mail to begin its circulation.

Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

Friday, November 26, 2010

Download Hacker5 Magazine First Edition Free PDF Here

Download Hacker5 Magazine First Edition Free PDF Here

Hacker5 is India's First Hackers Magazine



---Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

Thursday, November 25, 2010

"The world is lucky we're so nice : Milw0rm”

"I like the world in its current state (i guess), well its better than the world would be if the b0mb went b00m. think about it k1dz, it’s not clever, it’s not big, so don't think destruction is cool, coz it’s not […] So India, LISTEN TO WISE OLD MILWORM ... You do not need nuclear weapons in the 1990s!#@!" a part of the message, which was signed by JF, VeNoMouS, Hamst0r, Keystroke, savec0re and ExtreemUK,
This was the message left by MILWORM and group, after Bhabha Atomic Research Centre (BARC) in Mumbai. Rather the group came in limelight here after. milw0rm was a group of "hacktivists" best known for penetrating the computers of the Bhabha Atomic Research Centre (BARC) in Mumbai, the primary nuclear research facility of India, on June 3, 1998. . The message announcing Milw0rm's shutdown has been removed from the website. Submissions seem to have also been reopened. It is not yet clear if str0ke decided to continue alone, if he got assistance with reviewing exploits or if someone else took over the maintenance tasks entirely. Massive dd0s from someone which str0ke put them down in their server, One of the major sources of proof of concept (PoC) exploits on the Internet, milw0rm.com, closing down all of sudden miraculously. The website's maintainer, str0ke, gave thunder stroke to the used by announcing the closer of this site. While this is sad news for people familiar with the exploit release scene, as well as a fair amount of script kiddies by some accounts, it might not mean much for the uninitiated without some background history. Milw0rm was originally the name of a group of hackers with members from various parts around the globe that communicated with each other over IRC (Internet Relay Chat). The outfit went on to achieve international fame after it took credit for compromising the computer network of India's Bhabha Atomic Research Centre (BARC) in Bombay and gaining administrative access (root) on multiple systems during the night of June 3, 1998. The hackers walked off with confidential emails and classified documents about nuclear tests, amounting to around five megabytes. The first news outlet to break out the story at the time was Wired, which the collective contacted with proof of their feat. The reasons behind the attack were mostly political in nature. The group's members, who were still teenagers at the time, wanted to show their disapproval over the development and testing of atomic weapons, making this pretty clear by defacing the BARC home page and posting pacifist messages. The group disbanded soon after this high-profile hack, or at least its members stopped being hacktivists. Several years later, in 2004, Keystroke, who is, today, better known as str0ke, went on to set up milw0rm.com as a place to publish PoC exploits, with the consent of some of his former comrades. In order to ensure a high quality for the published content, str0ke personally verified and tested all exploits submitted by other hackers, something that, unfortunately, he can no longer do. He goes on to explain that, "For the past 3 months I have actually done a pretty crappy job of getting peoples work out fast enough to be proud of, 0 to 72 hours (taking off weekends) isn't fair to the authors on this site." Finally, the hacker extends his thanks to everyone who contributed to the website. "I appreciate and thank everyone for their support in the past. Be safe, /str0ke," he signs off.
The submissions of exploits got closed, the hackers who used to explore their dreams here got panic, and there were whispers around, IRC community of hackers was in grave discussions about the same,  str0ke no more remained the same keystroke from milw0rm. str0ke was not in the original milw0rm which hacked BARC and many other sites. The hacker and exploit writers started accusing him for many reasons. This was the Black day in history....This is what happens when the best goes down; there was big conspiracy behind all this. Hackers like P3ac3 and 51l3n7 voice opinion but soon that disappeared with time. The message announcing Milw0rm's shutdown was removed from the website. Submissions also reopened. Then It was not very clear if str0ke decided to continue alone, if he got assistance with reviewing exploits or if someone else took over the maintenance tasks entirely.
Members of milw0rm was the international hacking team went by the aliases of JF, Keystroke, ExtreemUK, savec0re, and VeNoMouS(Real Name: Jodi Jones***). VeNoMouS, 18, hailed from New Zealand, ExtreemUK and JF, 18, from England, and Keystroke and Savec0re, 17 from the US. To date, none of the group have come forward with their real names or identities, and investigations of the incident by the CIA and FBI or any other intelligence organizations proved fruitless in deciphering their identities, which were well-hidden. However, numerous people who were not a part of milw0rm have come forward saying that they were responsible for the hacks. Their claims have been discredited. JF went on to achieve a modicum of notoriety when MTV "hacked" its own website intentionally and graffitied the words "JF Was Here" across the page, at the same time that JF was under investigation for the milw0rm attacks by Scotland Yard. Hundreds of pages hosted on MTV.com sported the new JF logo, including one page that read, JF was here, greets to milw0rm,VeNoMouS claimed that he learned to crack into systems from Ehud Tenenbaum, an Israeli hacker known as The Analyzer. Four days before the incident, the five permanent members of the United Nations Security Council, the US, Russia, United Kingdom, France and China, denounced both India and Pakistan for unilaterally declaring themselves nuclear weapons states. The day before the attack, Jacques Gansler, US undersecretary of defense for acquisition and technology, warned a military conference that teenage hackers posed "a real threat" to national security. On the night of June 3, 1998 from their workstations on three continents, the group used a US military .mil machine to break into the LAN, or local area network, of BARC and gained root access. The center's website, connected to the LAN, and their firewall was not secured enough to prevent the group from entering and gaining access to confidential emails and documents. The emails included correspondence between the center's scientists relating to their development of nuclear weapons. They then posted a statement of anti-nuclear intentions on the center's website. In the process of the break-in, the multinational group of teenagers -- from the United States, United Kingdom and New Zealand -- gained access to five megabytes of classified documents pertaining to India's nuclear weapons program. Savec0re erased all the data on two servers as a protest against the center's nuclear capabilities. To display their security breach publicly, they changed the center's webpage to display a mushroom cloud along with an anti-nuclear message and the phrase "Don't think destruction is cool, coz its not” Milw0rm then came forward with the security flaws they exploited in BARC's system, along with some of the thousands of pages of documents they had lifted from the server, concerning India's last five nuclear detonations. The group's purpose for the attack was to protest nuclear testing, according to Savec0re, VeNoMouS and JF. After the attack Keystroke claimed that the breach had taken "13 minutes and 56 seconds" to execute. Many news organizations reported breathlessly how the teenagers had penetrated a nuclear research facility in "less than 14 minutes." However, examining more closely the hacker's wording and tone in the interview, and especially the specificity of the "56 seconds" claim, it is apparent that Keystroke meant this as a lighthearted answer to the question, "Exactly how long did it take you?". The actual invasion took careful planning, routing through servers throughout the world from three different continents, and took days to execute. An Indian news agency reported that downloading thousands of pages from India's slow servers would have taken much longer than 14 minutes. The security breach was first reported by Wired News. Members of the group claimed credit by emailing Wired reporter James Glave with documents they had obtained from the BARC servers as proof. After first denying that any incident had occurred, BARC officials admitted that the center had indeed been hacked and emails had been downloaded. An official at BARC downplayed the severity and importance of the incident announcing that the security flaw resulted from "a very normal loophole in Sendmail," while going on to state that the center had not bothered to download a new version of the Sendmail program, responsible for the center's email servers. The center also admitted that after milw0rm's breach, the site had been hacked into again, this time with less severe consequences. Forbes wrote that perhaps up to 100 hackers had followed milw0rm's footsteps into the BARC servers once they were revealed as insecure. The website was shut down while its security was upgraded. Later, a senior US government official told ZDNet that the Indians had known about the flaw and had chosen to ignore it, creating the opportunity for milw0rm to root the servers. BARC officials said that none of the emails contained confidential information, the group did not destroy data, and that the computers they have that contain important data were isolated from the ones broken into.
Nevertheless, the breach was a severe one and had the potential to cause an incident of international proportions. Forbes called it "potentially the most devastating" hacking incident of 1998.After the attack, members of the group participated in an anonymous Internet Relay Chat (IRC) chat with John Vranesivich, the founder of hacking news website Anti-Online. Keystroke explained how if he wanted to, he could have sent threatening emails from the Indian email server to a Pakistani email server. If the group had possessed malicious intentions, the consequences for both south Asian countries could have been catastrophic. For these reasons, the milw0rm attack caused other groups to heighten their security to prevent invasion by hackers. The U.S. Army announced, without giving evidence as to why they believed this to be the case, that the hacks might have originated in Turkey, noting that "Turkey is the primary conduit for cyber attacks." A senior US official said that the CIA had obtained the material that milw0rm had purloined and was reviewing it-- the official did not mention how the CIA obtained this information.Later, Wired News revealed that an Indian national and self-proclaimed terrorist, Khalid Ibrahim, had approached members of milw0rm and other hacker groups on IRC-- including Masters of Downloading and the Noid-- and attempted to buy classified documents from them. According to savec0re, Ibrahim threatened to kill him if the hacker did not turn over the classified documents in question. The Electronic Disturbance Theater released a statement in support of JF, applauding him for his hacktivism and maintaining that computer break-ins of this sort were not cyber-terrorism as some claim.
One month after the BARC incident, in July 1998, milw0rm hacked the web hosting company Easyspace, putting their anti-nuclear mushroom cloud message on more than 300 of Easyspace's websites. The text placed on the sites read in part, "This mass takeover goes out to all the people out there who want to see peace in this world... This tension is not good, it scares you as much as it scares us. For you all know that this could seriously escalate into a big conflict between India and Pakistan and possibly even World War III, and this CANNOT happen..Use your power to keep the world in a state of PEACE.
While scanning a network for weaknesses, members of the group came across EasySpace, a British company which hosted many sites on one server. Along with members of the fellow hacking group Ashtray Lumberjacks, milw0rm had the revised mushroom cloud image and text on all of Easyspace's websites in less than one hour."It's ironic that India has weapons capable of destroying the world, but they can't secure a little web server which is connected to their networks." That’s how Milw0rm dead and inj3ct0r born..Who are the injectors? There are total four prime admins, and four key injectors running the show, after going through lots of legal mess now injectors are revamping their plans. JF who is CEO of this group, holds big team of black hat hackers, the other key holder injectors are form India and Pakistan. Milworms all published exploits were posted on injector, one of the amature injector, who is young and sill studying, has taken undue advantage of the situations that who the Injector came in existance, R00ter a pakistan based injector is one of the most brillient and strongest admin of this group,Microsoft is the biggest sponsor and one of the financial supports for this group….
read more details in my book ‘Cyber Terror"
As a journalist it's my right to discover and publish ...I know all the Hacker and injectors are pro..And the biggest irony is that they have their own private exploits what they have never published anywhere, just core impact (an exploiting software) has that exploits. Injector guys can be defined as pure cyber criminals.. Some of them are former member of PHC.. Pakistan hackers club, now this group have dissolved and is no more .and some of them are the members of ICW which is vanished recentely.. most of members are working in very good companies and different sectors and having good family life. These hackers have tremendous unity when it comes for wrong things, I am sure they will find their own ways to sabotage me and my interest. What I am doing is my profession, what they are doing is their passion.. I respect them from the bottom of my heart and do not expect the same.

Wednesday, November 24, 2010

Sextortion on Cyber Space: New Technique of Blackmail & Threatening Young People

Sextortion on Cyber Space: New Technique of Blackmail Threatening Young People

Who’s watching your child on her or his PC Webcam -- just friends? Don't be too sure.

Age-old crimes take on a new twist in the cyber-world of today. Not least of these is “sextortion,” where in a recent high-profile case, the FBI uncovered 200 victims in just one incident, many of whom were young or even underage.

As a term, sextortion has been around longer than most of us probably realize and way before the Web was around. An early use of the term was in a headline of a 1950 article, but no one can be in any doubt that sexual extortion itself has even older origins.

In the cyber-world of today, however, sextortion appears to have reached a whole new level. It is perpetrated through a form of social engineering, wherein enough information can be gathered about an individual to hold that victim to ransom.

Social networking makes compromising situations easily available to those searching. In the FBI case, the hacker used spear phishing techniques, an email spoofing fraud that targets a specific person, seeking unauthorized access to confidential data. This kind of spoof is accomplished by the hacker posing as a trusted source of the intended victim, such as a FaceBook Friend.

Once tricked into opening an attachment from the “trusted source,” a virus in the FBI case compromised the recipient’s computer, including its Webcam, microphone, and every keystroke. In examples of sextortion, the hacker, successfully reaching his target, is then able to spy on his victim through his or her own Webcam. In the case under discussion, the hacker was only discovered when he contacted one victim in an attempt to obtain an explicit video in exchange for not telling her parents. Luckily, the intended victim told her parents, who contacted their local FBI.

There are numerous viruses around that can take over Webcams. It is not new technology at all. Probably the best known virus of all is W32/R-bot-GR, which has hundreds of variants. Viruses such as this can actually turn on the Webcam remotely and the victim doesn’t even know she is being watched. Over the last 10 years cases have regularly popped up.

Perhaps one of the most worrying related cases was earlier this year in the Robbins v. Lower Merion School District case known as "WebcamGate." This is where spyware was installed on laptops issued by the school in what was a misguided attempt to oversee Web activities by students. Of course, this spyware could have been used by a hacker as well. Lower Merion District was accused of installing spyware on laptops used by its students, and recently settled with the school district by agreeing to pay $610,000 in compensation.

Around the same time was the case of a Wisconsin 12th grader sentenced to 15 years in prison after a high school sextortion scandal. The boy pretended to be a girl on FaceBook and used naked pictures fellow students sent him to blackmail the boys into having sex with him.

More recently, a mixture of sextortion and cyber-bullying led to tragic consequences. When a young student found that his roommate had allegedly plastered a live streamed video of him in a sexual encounter, he posted a message on Facebook and then deliberately plunged to his death off the George Washington Bridge.

So can we escape the clutches of the seemingly ever-present video recording of our every movement, be it Webcams, CCTV, or even that seemingly innocent little add-on gadget that may be the choice of someone close to you for Christmas this year? There are several of them around, they can easily move in any direction, come complete with a WiFi-enabled robotic Webcam, speaker, and microphone. They enable you -- or perhaps that friendly hacker and sextortionist just down the road -- to access your home from anywhere in the world.

Not wishing to put the damper on anyone who may have already picked this out for this Christmas, but perhaps a little additional PC security may be a good idea, to prevent the spear phishing in the first place. However, the obvious comes to mind in most of these cases: Do you know who your children are conversing with online? And, even more importantly, can they approach you if there is a problem?
SOURCE — Jart Armin, Editor of RBNexploit.com, a watch blog on the infamous RBN (Russian Business Network), and HostExploit.com

---Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

Search Engine Optimization Secrets Tips & Tricks: Download Free Ebook

SEO For 2010: Search Engine Optimization Secrets
lulu.com| 2009 | ISBN: 0557161339 | MOBI, PDF | 252 pages | 31 MB

A very well-designed web site is useless if no one can find it on the web. If your company is going to succeed on the web, optimizing your site for search engine visibility is a must. Especially since it is the telephone book of the now, not the future. This book is written by the two most noted and accomplished experts in the field of search engine optimization (SEO) and provides you with proven guidelines, cutting-edge techniques, tips, and the how-to's for planning and executing a comprehensive SEO strategy.This is the first book to cover the Bing search engine in-depth. It tackles how to submit your website to the search engines, basic to advanced optimization techniques, learn how to determinetrophy keywords, keyword density, little known tricks and methods pros use, learn how to increase your rankings, and learn from those who started the entire SEO industry.This is the only guide you need!

Download Depositifiles.com


Download Hotfile.com

---Do you want to share you views?? Just leave a comment here. you can also drop an email on amarjit@freehacking.net

Monday, November 22, 2010

IBM uncloaks 20 petaflops BlueGene/Q super

SC10 Although everybody seems to be excited about GPU-goosed supercomputing these days, Big Blue is sticking to its Power-based, many-cored BlueGene and Blue Waters massively parallel supers, and revving them up to bust into the 20-petaflops zone. The Blue Waters massively parallel Power7-based supercomputer and its funky switching and interconnect, and very dense packaging were the big iron of last year's SC09 event in Portland, Oregon, which El Reg told you all about here. And we've covered the GPU additions to the iDataPlex bladish-rackish custom servers IBM builds, as well as the forthcoming GPU expansion blade for Big Blue's BladeCenter blade servers, which are due in December and which are also special-bid products.But the BlueGene/Q super — made of fleets of embedded PowerPC processor cores — is still, in terms of aggregate number-crunching power, the biggest and baddest HPC box on the horizon from IBM for the next two years.IBM lip-smackingly announced the sale of the "Sequoia" BlueGene/Q supercomputer to the US Department of Energy back in February 2009, just as the current BlueGene/P machines were ramping up production. But the company did not provide many details about the architecture, except that it would pack 1.6 million cores into a single cabinet, would have 1.6PB of storage, a peak performance of 20 petaflops, and burn 6.6 megawatts of juice. The machine will be installed at Lawrence Livermore National Laboratory, which bought the first experimental BlueGene/L super.
This week IBM yanked a compute node and an I/O out of the prototype portion of the future BlueGene/Q super that's installed at its Watson Research Center in New York and showcased them at the SC10 supercomputing show, the first outing of the BlueGene/Q system components.To understand BlueGene/Q, you have to compare it to the prior BlueGene machines and their predecessors to see how far the design has come and why IBM still believes that the BlueGene approach — small cores, and lots of them — provides the best bang for the watt.
The original BlueGene/L machine was based on some early parallel-computing design work done in the early 1990s by IBM in conjunction with Columbia University, Brookhaven National Laboratory, and RIKEN (the big Japanese government-sponsored super lab) to make a massively parallel machine called QCDSP to do quantum chromodynamics calculations using digital signal processors.A follow-on machine called QCDOC replaced the DSPs with embedded PowerPC processors, putting 64 compute nodes on a single board that interconnected with a proprietary backplane.In December 1999, IBM ponied up $100m of its own dough to create the original BlueGene/L machine, aiming the box at massive protein-folding problems. Two years later, LLNL saw that such a machine could be used for nuclear weapons simulations and placed the first order for the prototype.By the fall of 2004, a prototype of the BlueGene/L machine became the fastest supercomputer in the world, using eight BlueGene/L cabinets and 1,024 compute nodes for a sustained performance of 36 teraflops. That machine has been upgraded many times, and now has reached its full system configuration, which includes 65,536 compute nodes and 1,024 I/O nodes (both based on 32-bit PowerPC processors).BlueGene/L held the top spot on the Top 500 ranking of supercomputers, which is based on the Linpack Fortran benchmark test, for four years. The machine is based on single-core 32-bit PowerPC 440 processors that spin at 700MHz and which are packed two cores to a die with a shared L2 and L3 cache. Each core has two floating-point units as well as memory controllers, on-chip Gigabit Ethernet interfaces, and the proprietary interconnect that implements a 3D torus interconnect (derived from the Columbia University machines) that runs the Message Passing Interface (MPI) clustering protocol to lash the nodes together like oxen pulling a cart.The BlueGene/L machine at LLNL, which was first installed in 2005 and which has been upgraded a number of times, has 131,072 cores, 32TB of aggregate main memory, a peak performance of 367 teraflops, a sustained performance of 280.6 teraflops on the Linpack test, and burns around 1.2 megawatts. The machine is air-cooled.IBM's currently selling massively parallel box is the BlueGene/P, which puts four 850MHz PowerPC 450 cores on a chip with the memory controllers, floating point unit, and BlueGene interconnect on the chips as well as a beefed-up 10 Gigabit Ethernet controller and the old Gigabit Ethernet port on the chip. Those PowerPC 450 cores are still 32-bit units, by the way.Each BlueGene/P node can support 2GB of main memory (512MB for each core), and the 3D torus has 5.1GB/sec of bandwidth and somewhere between 160 nanoseconds and 1.3 microseconds of MPI point-to-point latency between its nearest peers in a single node — that's a factor of 2.4 more bandwidth and about 20 per cent lower latency.The BlueGene/P collective network that brings the nodes together has 1.7GB/sec of bandwidth per port (2.4 times that of the BlueGene/L machine) and there are three ports per node that have a 2.5 microsecond latency talking to other nodes. In a worst-case scenario, where a node has to make 68 hops across 72 racks in the 3D torus to reach another node to get data, the latency is 5 microseconds, a big improvement over BlueGene/L, which took 7 microseconds to make the same hops.
An optical 10 Gigabit Ethernet network links the BlueGene/P nodes to the outside world and there is a Gigabit Ethernet network for controlling the system. The BlueGene/P system puts 1,024 compute nodes in a rack and from 8 to 64 I/O nodes (which plug into the same physical boards as the compute nodes) per rack. The machine delivers 13.9 teraflops per rack and can scale up to 256 racks, for a 3.56 petaflops of peak (not sustained) number-crunching performance across more than 1 million cores.The BlueGene/Q nodes, like their BlueGene/L predecessors, were air-cooled and put compute and I/O nodes on the same node boards. The BlueGene/P machines crammed twice as many cores onto a chip module (four cores instead of two) and twice as many compute nodes (32 instead of 16) onto a single compute drawer, basically quadrupling the cores and nearly quintupling floating-point performance.The power drain on BlueGene/P also went up by a factor of 1.5, with a petaflops of peak oomph burning about 2.9 megawatts. But the performance per watt increased by 9 per cent, so it was a net gain on all fronts: performance and energy efficiency.With the BlueGene/Q designs, IBM is doing a number of different things to boost the performance and energy efficiency of the massively parallel supers. First, the BlueGene Q processors — called BGQ for short at IBM — bear some resemblance to IBM's Power7 chip used in its commercial servers, and an even stronger resemblance to the Power A2 "wire-speed" processors, which El Reg discussed in detail this year as they were announced. Like these two commercial chips, the BlueGene/Q processor is a 64-bit chip with four threads per core. The BlueGene/Q processor module is a bit funky in that it has 17 cores on it, according to Brian Smith, a software engineer for the product who was demonstrating the compute and I/O modules at the SC10 expo. On that BGQ processor, one of the cores will run a Linux kernel and the other 16 are used for calculations, according to Smith.The cores used in the BlueGene/Q prototype run at 1.6GHz, compared to the 2.3GHz speed on the sixteen-core Power A2 wire-speed processor. (The cores could be the same or very similar on both chips.) With the BlueGene/Q super, not only is the BGQ chip moving to 64-bits, but it also has four threads per core to increase its efficiency.