Sunday, March 27, 2016

7 Iranian Hackers will spend their future in Prison



On Thursday, a US Department of Justice indictment named seven Iranian hackers as responsible for nearly 190 DDoS (distributed denial of service) attacks carried out between 2011 and 2013. The hackers had targeted a number of US banks and a dam. According to the US Government, they were working for Iran's Revolutionary Guard Corps.


Why is the US accusing these Iranian hackers?

The hackers were IT professionals at two Iranian companies, Mersad and ITSecTeam, and the Iranian government was paying them to conduct attacks on the United States. All seven were professional hackers who had targeted top US banks. Bowman Avenue Dam is a small dam in New York City; it was also hacked by one of the seven, who gained control of the water flow at the dam.

Attorney General Loretta Lynch said at a news conference: "The US Government will not allow any country, group or individual to destroy its financial systems. All countries could compete with the US in the free market with fair competition." The Department of Justice said the Iranian hackers had directed up to 140 GB of data per second at US banks during the DDoS attacks. Most of the attacks happened in September 2012, but after that the US faced a new DDoS attack every week. The hackers crashed US bank servers, but they failed to steal customers' personal information.


How were the attackers performing the attacks?

As usual, the hackers performed these DDoS attacks with the help of a large network of computers that had first been infected with malware, spread through third-party websites. The Federal Bureau of Investigation (FBI) worked with internet service providers to investigate the attacks. The FBI said the hackers were using large amounts of bandwidth to push more than 100 GB of data per second at US bank servers. More than 90 percent of the computers have now been freed from this network, which is called a botnet.

According to a DOJ (Department of Justice) report, the hackers are also members of two other Iranian hacking teams, Ashiyane Digital Security Team and Sun Army. Sadegh Ahmadzadegan and Omid Ghaffarinia are the leaders of the seven; they are known online by their handles "Nitr0jen 26" and "PLuS" respectively, and they also hacked into NASA in 2012. DDoS attacks on banks were routine and were defended by security teams, but the attack on the Bowman Dam was a cause for worry. According to an official, a person named Hamid Firoozi obtained unauthorized access to the Bowman Dam systems between August 2013 and September 2013.

The US government has charged all seven hackers with computer hacking offenses. All seven will face 10 years in prison; the hacker responsible for the dam hack will spend 15 years in prison.



17 million login credentials of Yahoo Japan are stolen

According to a report in the Japanese newspaper "The Yomiuri Shimbun", the Tokyo Metropolitan Police Department has found 18 million login credentials. More than 90 percent of these 18 million credentials belong to users of "Yahoo Japan".

How were these login credentials found?

Tokyo police found the stolen login credentials on a server belonging to a Tokyo-based company, "Nicchu Shinsei Corp", and arrested the company's president. A number of the company's employees are also in the custody of the Tokyo police. More than 17 million of the credentials belong to Yahoo Japan users; login credentials for Facebook, Twitter and many local e-commerce websites are also among them.

Most of these credentials belong to Yahoo Japan users

According to Yahoo, all the affected accounts have been recovered by the company, and Yahoo launched an emergency password reset program for its users. Security experts also found the logs of a "brute force tool" on Yahoo's servers. According to investigators, Yahoo's server had also been used by hackers for illegal money transactions. Yahoo was in big trouble.


Who is "Nicchu Shinsei Corp"?

Japanese hackers were using services offered by this company, which was illegally selling the login credentials, along with proxy services, to hackers. The hackers used these accounts to invite internet users to visit fraudulent third-party websites they had designed, and also stole victims' reward points by accessing their accounts. This is not the first time that police have found stolen login credentials on the servers of local companies: last year, Japanese security agencies found 8 million stolen login credentials.

An online cyber-criminal community in Japan, the "Japanese Criminal Underground", is responsible for many of the cyber crimes happening in Japan. Japan's National Police Agency said in a report on cybercriminal activity that, as of March 2015, cybercrime in Japan had increased 40 percent compared to the previous year. Japan also suffered a major data breach in June 2015, related to the Japan Pension Service, in which the login access of more than one million pensioners fell into the hands of hackers.

The "Japanese Criminal Underground" is a very active and clever community of hackers who are experts at buying and selling illegal products on the dark web. Drugs, stolen login credentials, credit card information, phone numbers, child pornography, weapons and forged passports are among these products. Hackers from this community have also targeted the users of many Japanese banks by spreading different types of malware; Shifu, Neverquest, Brolux and Rovnix are some of the well-known malware families they use.



Hackers manipulated PLC settings at water treatment plant

Hackers manipulated the programmable logic controllers that managed the amount of chemicals used to treat the water to make it safe to drink.

Hackers breached a water company’s industrial control system and made changes to valve and flow control settings, Verizon revealed in its latest Data Breach Digest.

The unnamed water district had asked Verizon to assess its networks for indications of a security breach. It said there was no evidence of unauthorized access, and the assessment was a proactive measure as part of ongoing efforts to keep its systems and networks healthy.

Verizon examined the company’s IT systems, which supported end users and corporate functions, as well as Operational Technology (OT) systems, which were behind the distribution, control and metering of the regional water supply.

The assessment found several high-risk vulnerabilities on the Internet-facing perimeter and said that the OT end relied heavily on antiquated computer systems running operating systems from 10 or more years ago.

Many critical IT and OT functions ran on a single IBM AS/400 system which the company described as its SCADA (Supervisory Control and Data Acquisition) platform. This system ran the water district’s valve and flow control application that was responsible for manipulating hundreds of programmable logic controllers (PLCs), and housed customer and billing information, as well as the company’s financials.

Interviews with the IT network team uncovered concerns surrounding recent suspicious cyber activity and it emerged that an unexplained pattern of valve and duct movements had occurred over the previous 60 days. These movements consisted of manipulating the PLCs that managed the amount of chemicals used to treat the water to make it safe to drink, as well as affecting the water flow rate, causing disruptions with water distribution, Verizon reported.

An analysis of the company’s internet traffic showed that some IP addresses previously linked to hacktivist attacks had connected to its online payment application.

Verizon said that it “found a high probability that any unauthorized access on the payment application would also expose sensitive information housed on the AS/400 system.” The investigation later showed that the hackers had exploited an easily identified vulnerability in the payment application, leading to the compromise of customer data. No evidence of fraudulent activity on the stolen accounts could be confirmed.

However, customer information was not the full extent of the breach. The investigation revealed that, using the same credentials found on the payment app webserver, the hackers were able to interface with the water district’s valve and flow control application, also running on the AS/400 system.

During these connections, they managed to manipulate the system to alter the amount of chemicals that went into the water supply and thus interfere with water treatment and production so that the recovery time to replenish water supplies increased. Thanks to alerts, the company was able to quickly identify and reverse the chemical and flow changes, largely minimizing the impact on customers. No clear motive for the attack was found, Verizon noted.

The company has since taken remediation measures to protect its systems.

In its concluding remarks on the incident, Verizon said: “Many issues like outdated systems and missing patches contributed to the data breach — the lack of isolation of critical assets, weak authentication mechanisms and unsafe practices of protecting passwords also enabled the threat actors to gain far more access than should have been possible.”

Acknowledging that the company’s alert functionality played a key role in detecting the chemical and flow changes, Verizon said that implementation of a “layered defense-in-depth strategy” could have detected the attack earlier, limiting its success or preventing it altogether.
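The Verizon findings above turn on two things: credentials taken from the payment web server being reusable against the valve and flow control application on the same AS/400, and alerts on chemical and flow changes being what finally caught the manipulation. The following Python is an added example, not Verizon's or the water district's code, of what such an alert rule can look like when the control application keeps an audit log of setpoint writes. It flags a write when it comes from outside the operator network, uses an account that is not an OT operator, pushes a value outside its engineering band, or jumps by more than a single write should. The log format, tag names, engineering bands, operator subnet and account names are all constructed assumptions.

```python
"""Alerting on suspicious setpoint writes to water-treatment PLCs.

Added example, not Verizon's or the water district's code. It assumes a
constructed audit-log format in which the control application records every
setpoint write as: time|account|source_ip|tag|old_value|new_value.
Safe bands, the operator subnet and the operator accounts are illustrative.
"""
import ipaddress
from dataclasses import dataclass

# Engineering limits per PLC tag (constructed): (min, max, max change per write).
SAFE_BANDS = {
    "CHLORINE_DOSE_MG_L": (0.5, 4.0, 0.5),
    "FLOW_RATE_M3_H": (200.0, 800.0, 100.0),
}

# Setpoint writes are expected only from OT operator workstations and accounts.
OPERATOR_SUBNET = ipaddress.ip_network("10.20.30.0/24")  # constructed
OPERATOR_ACCOUNTS = {"ot_oper1", "ot_oper2"}             # constructed

# Constructed audit lines. The "webapp_svc" account stands in for a credential
# lifted from a web server and reused against the control application.
SAMPLE_LOG = """\
2016-03-01T08:00:00|ot_oper1|10.20.30.15|CHLORINE_DOSE_MG_L|1.8|2.0
2016-03-01T08:05:00|ot_oper2|10.20.30.16|FLOW_RATE_M3_H|500|550
2016-03-01T23:41:12|webapp_svc|203.0.113.77|CHLORINE_DOSE_MG_L|2.0|3.9
2016-03-01T23:42:03|webapp_svc|203.0.113.77|FLOW_RATE_M3_H|550|210
2016-03-01T23:45:00|webapp_svc|203.0.113.77|CHLORINE_DOSE_MG_L|3.9|6.0
2016-03-01T23:50:30|ot_oper1|10.20.30.15|FLOW_RATE_M3_H|210|220
"""


@dataclass
class SetpointWrite:
    time: str
    account: str
    source_ip: str
    tag: str
    old: float
    new: float


def parse_log(text):
    """Parse the pipe-separated audit log into SetpointWrite records."""
    writes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, account, ip, tag, old, new = line.split("|")
        writes.append(SetpointWrite(time, account, ip, tag, float(old), float(new)))
    return writes


def check_write(w):
    """Return alert codes for one write; an empty list means it looks routine."""
    codes = []
    # Isolation check: the control application should not be reachable from
    # anything but the operator network.
    if ipaddress.ip_address(w.source_ip) not in OPERATOR_SUBNET:
        codes.append("OUTSIDE_OT_NETWORK")
    # Authentication check: a web or business account has no reason to write
    # setpoints, even if its password happens to work here.
    if w.account not in OPERATOR_ACCOUNTS:
        codes.append("NON_OPERATOR_ACCOUNT")
    band = SAFE_BANDS.get(w.tag)
    if band is None:
        codes.append("UNKNOWN_TAG")
        return codes
    lo, hi, max_step = band
    # Process check: the new value must stay inside the engineering band and
    # must not jump further than a single operator adjustment would.
    if not lo <= w.new <= hi:
        codes.append("OUT_OF_BAND")
    if abs(w.new - w.old) > max_step:
        codes.append("STEP_TOO_LARGE")
    return codes


def alerts_for_log(text):
    """Return (write, codes) for every write that raised at least one alert."""
    alerts = []
    for w in parse_log(text):
        codes = check_write(w)
        if codes:
            alerts.append((w, codes))
    return alerts


def suspicious_accounts(text):
    """Accounts behind any alert, the first thing to disable and rotate."""
    return sorted({w.account for w, _ in alerts_for_log(text)})


if __name__ == "__main__":
    for w, codes in alerts_for_log(SAMPLE_LOG):
        print(f"{w.time} {w.account}@{w.source_ip} {w.tag} {w.old:g}->{w.new:g}: {', '.join(codes)}")
    print("accounts to disable:", suspicious_accounts(SAMPLE_LOG))
```

Each of the three checks maps to one of the weaknesses Verizon named: the network check is the missing isolation of critical assets, the account check is the weak authentication and password reuse, and the band and step checks are the alert functionality that actually detected the chemical and flow changes. Running only the last of these is what the water district effectively had; running all three is the layered defense Verizon recommends, and the first two would have fired before any chemical setpoint moved.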