Wednesday, October 15, 2008

FBI Infiltrates Identity Thief MarketPlace

We all know that crime fighting agencies will send agents into organized crime groups in hopes of being accepted and exposing the inner workings of the crime syndicate. However, I hadn't heard many of these stories in the online world. Not because they don't happen, but most likely because I haven't come across the stories.

I found this article particular interesting. In 2006, "Master Splyntr" (FBI agent Mularski) joined DarkMarket.ws under the guise of a spammer. He was eventually invited to work as a system administrator and for nearly two years the FBI gathered information about identity thieves and used the site to track the IP addresses and use of stolen information. DarkMarket.ws is one of many virtual marketplaces for identity thieves to broker skimmers, identities and even phishing schemes. The site was rather developed and included peer reviews of users and product reviews of items for sale.

Just recently the site was shutdown by the FBI and hopefully several arrests will be following.

I also found this snippet entertaining
The German report confirm rumors that have swirled around DarkMarket since late 2006, when uber-hacker Max Ray Butler cracked the site's server and announced to the underground that he'd caught Master Splynter logging in from the NCFTA's office on the banks of the Monongahela River. Butler ran a site of his own, and the warning was generally dismissed as inter-forum rivalry, even when Butler was arrested in San Francisco last year on credit card fraud charges, and shipped to Pittsburgh for prosecution.


Full Article

Tuesday, October 14, 2008

Help Digg the OWASP Conference in Portugal

Help support OWASP and spread the word about the upcoming OWASP conference in Portgual!

Able to digg?
http://digg.com/security/Web_Application_Security_experts_meet_at_Portugal

The OWASP Summit will be a worldwide gathering of OWASP leaders and key industry players to present and discuss the latest OWASP tools, documentation projects, and web application security trends. The agenda includes two days of application specific training courses from app sec leaders, two days of working sessions to discuss key application security challenges (ex: OWASP Top 10 2009, OWASP Code Review Guide 2009,ISWG:Web Application Framework Security), and two more days of lightning talks on the multitude of new OWASP tools and knowledge from the 2008 Season of Code! Also, OWASP is featuring a two day business track focusing on business issues in the application security world.

OWASP is the group that brought you, OWASP Top 10, WebScarab, ESAPI, Anti-Samy
and my own Summer of Code Project, AppSensor!

Join us at the event and help spread the word.

Digg it
OWASP Summit 2008

See you there!
-Michael

And by the way, aren't you curious where the event is being held :)


[update Tues 10/16]
Se pode leer português...
http://camargoneves.com/2008/10/16/owasp-summit-digg/

Monday, October 13, 2008

MIT Subway Hacking Inspires Netherlands Hacking

Hmm, seems the MIT group has some followers looking to attack RFID in other parts of the world.

A group of scientists at a Dutch university has discovered a way to crack and clone a form of electronic identification cards that are commonly used to provide access to office buildings, but are also employed as fare cards by Canadian transit companies Article

Here is the original MIT presentation which was never given at the 2008 blackhat: Anatomy of a Subway Hack

-Michael Coates

Friday, October 10, 2008

World Bank Hacked Big Time

While it remains unclear how much data has been pilfered from the bank, it's a lot. According to internal memos, "a minimum of 18 servers have been compromised," including some of the bank's most sensitive systems — ranging from the bank's security and password server to a Human Resources server "that contains scanned images of staff documents." Story


[Update: Monday, Oct 13]
It looks like there is some push back from the World Bank spokesperson claiming "The Fox News story is wrong and is riddled with falsehoods and errors. The story cites misinformation from unattributed sources and leaked emails that are taken out of context."

True, Fox News is the only news source reporting on this story (other stories all link back to this one), but this also sounds like some spin control by the bank. It looks like Fox is mostly basing this story on a few emails they acquired.

From the emails:
"it was determine that the suspicious incident was indeed the result of a compromised, privileged, account."

"Two-factor authentication on all Admin accounts is being completed. Passwords have been changed on all administrator and service accounts"

The email contains a list of the servers that were compromised. This list includes the WBDC104 (Domain Controller) and WBES126 (HR Server). So, we have a privileged account that has been compromised, all other admin accounts implementing 2 factor authentication and changing the passwords, and the domain controller was compromised. This still looks pretty bad.

Take a look for yourself.

Email 1
Email 2



-Michael Coates