Google Indonesia was Hacked

As reported today few hours back Google Indonesia was Hacked and left defaced page for hours. The technology gaint Google Indonesia domain which is www.google.co.id was hacked and left defaced for several hours in morning, The very famous Pakistani hackers group “Team Madleets” claimed responsibility for the hack.

Google Indonesia was hijacked using a hacking method known as DNS Spoofing ( DNS Cache Poisoning ) . Pakistani hacker’s group “Team Madleets” are known for such attacks targeting big websites like Google, Last year the same method was used to hijack Google Malasiya domian.

What is DNS Poisoning?
In short, DNS spoofing or DNS cache poisoning is a hacking attack, whereby data is introduced into a Domain Name System (DNS) name server’s cache database, causing the name server to return an incorrect IP address, diverting traffic to another website.

Normally, a networked computer uses a DNS server provided by an Internet service provider (ISP). which are deployed to improve resolution response performance by caching previously obtained query results

Attacker spoofs the IP address DNS entries for a target website on a given DNS server, replacing it with the IP address of a server which he controls, thus redirecting the whole traffic to his deface page. It is believed that the DNS spoofing led the Google Indonesian users to another IP which carried the Madleets defaced page.

Google Indonesia Website was left defaced for several hours
While it is not clear for how long the Google Indonesia website was left defaced, but reports suggest that the attack continued for hours, Team MaDLeeTs also changed the earlier deface page planted after 2 hours with a new one.

BadUSB Malware Returns

Back in July, a massive security hole was discovered ” BadUSB ” that can gave hackers the ability to hijack billions of USB devices, from keyboards, printers to USB drives. Because of the severity of the issue, the researchers who discovered the security flaw didn’t publish their BadUSB exploit code.

However, after that two other hackers have worked out on how to exploit BadUSB and released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. Also they’ve published their BadUSB Malware source code on open source code hosting website Github for public. Device makers are pressured to actually fix the security flaw before millions of users have their USB devices exploited, which is a big problem as there’s no easy security fix for BadUSB Malware.

What is BadUSB ?
BadUSB Malware Released - Infect millions of USB DrivesIn short, every USB drives has a microcontroller in it which is a small chip that acts as an interface between the device ( keyboard, or flash drive) and the host (PC). This small chip often has firmware that can be reprogrammed to do notorious things, such as logging your keystrokes and infect your Personal computer with malware, or something much worse. BadUSB is really very dangerous because of one factor which is “It is Undetectable”, even if scanned by Antivirus program.

The security researchers who originally discovered the BadUSB are Karsten Nohl and his friends at SR Labs announced that the BadUSB bug exists in July, and shared more details with device makers. Here you can watch the video of their presentation. The German security researchers did not publish their source code because they thought it would be dangerous and too hard to patch.

We really hope that releasing this will push device manufactures to insist on signed firmware updates, and that USB Manufacturer Phison will add extra support for signed updates to all of the controllers it sells,” Caudill said in his Blog. “Phison electronics isn’t the only player, though they are the most common I’d love to see them take the lead in improving security for these devices.

Now, however two security researchers Adam Caudill and Brandon Wilson at Derbycon in Kentucky have discovered the same BadUSB bug and, more importantly, they’ve published their proof-of-concept. They has capability to spread itself by hiding in the firmware meant to control the ways in which USB drives connect to computers.

If you know what you’re doing, you can grab the source code and start exploiting USB devices straight away. The hack utilizes the security flaw in the USB that allows an attacker to write a self-replicating worm that key logs passwords and other sensitive data stands to make millions of dollars.

Source Code is Available On Internet for Free
The two security researchers justify their release in Derbycon Hacker Conference in Louisville last week, both were able to reverse engineer the USB firmware & infect it with their own malicious code & hijack the associated device. They also underlined the danger of the BadUSB hack by going in-depth of the source code.

The two security researchers replicated the emulated keyboard attack, and also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.

BadUSB vulnerability presents in only one Taiwanese electronics company which is Phison electronics. But the Phison USB device can infect any device they are plugged into. The Taiwanese USB Manufacturer has not yet revealed for whom it manufactures USB drives.

BadUSB Vulnerability is Undetectable & Unpatchable
The Vulnerability flaw in Phison USB basically modifies the firmware of USB devices, which can be done from inside the operating system easily and hides the malware in USB devices in a way that it become almost impossible to detect it, even by Antiviruses. The security flaw goes even more worst when complete formatting or deleting the contents of a USB device wouldn’t vanish the malicious code, as it is embed in the firmware.

According to Wired, this BadUSB vulnerability is practically unpatchable because it exploits the very way that USB device is designed. If Once infected, each USB drive will infect anything it’s connected to.

Impact of BadUSB Vulnerability
Once the device is compromised, the USB devices can reportedly:

1). Log keystrokes
2). alter folders & files
3). infect other devices & systems
4). spoofs a network card to change the computer’s DNS setting
5). Install malware & Control Keyboard

Protection Against the BadUSB Attack
For the time being, the best mitigation against BadUSB vulnerability and other similar exploits is good security practices. Always Keep your software updated & never open any files which you don’t recognize, and don’t plug any devices into your computer unless you know where they’ve been.

List of Cyber Attacks and Data Breaches in September

Although this month’s list may not be as long as August’s, it’s by far the most shocking of the year so far. The number of payment card breaches in the US appears to be going up and up and an end isn’t in sight. This list will continue to be updated until the very end of September, and as there’s a high chance of more breaches due to the revelation of Shellshock, I suggest you come back for updates.

Payment card breaches

880,000 Affected by Viator Payment Card Breach

Hundreds of US Stores Affected as POS Provider is Hacked

Biggest ever data breach? Home Depot hack attack could involve 60 million payment cards

800k Payment Cards Compromised in Goodwill Industries Breach

Payment card data stolen in Jimmy John’s data breach

Hotel Chain Suffers Payment Card Breach

Personal data breaches

Florida medical center hit with breach for third time in two years

Data breach at Tampa General Hospital

Central Utah Clinic notifies over 30K patients of potential HIPAA breach

Computer hardware containing patient data stolen from Ohio plastic surgery office

5 Million Leaked Gmail Passwords Sounds Pretty Scary, But Was It?

Other attacks and breaches
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT

Biggest attack on RT.com: Website hit by 10 Gbps DDoS

Operation Harkonnen: European Cyber Espionage Went Undetected for 13 Years

Naked pictures of Jennifer Lawrence and other celebrity starlets leak online

eBay XSS vulnerability used iPhones as bait, redirected users to phishing page

Hackers attack Namecheap accounts

Healthcare information compromised at Temple University, Philadelphia

ObamaCare Website Hacked

New ‘Shellshock’ bash bug affects 500 million computers, servers and devices.